We “won” the NymWars? did we?

Mid-July,  friend called me up out of the blue and said “we won!”

“We won what” I asked.

“Google just officially changed its policy on Real Names”

He said I had  to write a post about it. I agreed but also felt disheartened.
We won but we didn’t it took 3 years before they changed.

They also created a climate online where it was OK and legitimate for service providers to insist on real names.

For those of you not tracking the story – I along with many thousands of people had our Google+ accounts suspended – this posts is an annotated version of all of those.

This was the Google Announcement:

[Read more...]

Web Wide Sentence Level Annotation -> Hypothes.is

I first met Dan Whaley last spring via an introduction from Jim Fournier co-founder of Planetwork.  I was inspired by the vision he was working on building Hypothes.is -  a way to have sentence level annotation of news and other articles on a web wide scale. Really a foundation for peer review on the web. The motivation for his work is to support greater discernment of the truth around climate change and other key issues facing our society and our planet.  (Another area I could see this being really useful right now is around accountability in the financial system and ways to make that real.)

He asked me to be a part of the project as an advisor particularly around identity issues and technology options for identity.  He is taking my advice and coming to IIW this coming week.  Its an honor to be amongst other distinguished advisors like Brewster Kahle,  John Perry Barlow,  Mark Surman and others..

He has been working on a development plan and has a solid on one in place.  He has launched a Kickstarter Campaign and  stars in the video that articulates the vision of the project.  If you are inspired by the vision I encourage you to contribute.

Is Google+ is being lynched by out-spoken users upset by real names policy?

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin MarksNishant  KaushikPhil Hunt,  Steve Bogart and Suw Charman-Anderson.

I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.

I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 

In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.

Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  

I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.

Here’s the thread… (oldest tweets first)

 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more...]

Google+ says your name is “Toby” NOT “Kunta Kinte”

This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).

[Read more...]

Lets try going with the Mononym for Google+

Seeing that Google+ is approving mononyms for some (Original Sai, on the construction of names Additional Post) but not for others (Original Stilgherrian Post Update post ).

I decided to go in and change my profile basically back to what it was before all this started.  I put a  ( . ) dot in the last name field.  In my original version of my google proflile my last name was a * and when they said that was not acceptable I put my last name as my online handle “Identity Woman”.

[Read more...]

Google+ and my “real” name: Yes, I’m Identity Woman

When Google+ launched, I went with my handle as my last name.  This makes a ton of sense to me. If you asked most people what my last name is, they wouldn’t know. It isn’t “common” for me.  Many people don’t even seem to know my first name. I can’t tell you how many times I have found myself talking with folks at conferences this past year and seeing ZERO lighbulbs going off when I say my name “Kaliya”, but when I say I have the handle or blog “Identity Woman” they are like “Oh wow! You’re Identity Woman… cool!” with a tone of recognition – because they know my work by that name.

One theory I have about why this works is because it is not obvious how you pronounce my name when you read it.  And conversely, it isn’t obvious how you write my name when you hear it.  So the handle that is a bit longer but everyone can say spell “Identity Woman” really serves me well professionally.  It isn’t like some “easy to say and spell” google guy name like Chris Messina or Joseph Smarr or Eric Sachs or Andrew Nash. I don’t have the privilege of a name like that so I have this way around it.

So today…I get this

I have “violated” community standards when using a name I choose to express my identity – an identity that is known by almost all who meet me. I, until last October, had a business card for 5 years that just had Identity Woman across the top.

Display Name – To help fight spam and prevent fake profiles, use the name your friends, family, or co-workers usually call you. For example, if your full legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, either of these would be acceptable. Learn more about your name and Google Profiles.

[Read more...]

The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.

As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.

I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.

However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.

When spoken of in every day conversation trust is most often social trust.

[Read more...]

Alignment of Stakeholders around the many NSTIC Goals

 

The Many Goals for the Identity Ecosystem & NSTIC Governance

The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:

  • convene a wide variety of stakeholders to facilitate consensus
  • administer the process for policy and standards
  • development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
  • maintain the rules of participating in the Identity Ecosystem
  • be private sector-led
  • be persistent and sustainable
  • foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.

Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.

[Read more...]

Proactive Development of Shared Language by NSTIC Stakeholders

This is the “punchline section” (in my response it is after what is below…the history of collaboration in the identity community):

Proactive Development of Shared Language by NSTIC Stakeholders

In 2004-5 the Identity Gang (user-centric identity community) was 1/10 the size of the current NSTIC stakeholder community.  It took us a year of active grassroots effort to develop enough common language and shared understanding to collaborate. NSTIC doesn’t have 5-10 years to coalesce a community that can collaborate to build the Identity Ecosystem Framework. To succeed, the National Program Office must use processes to bring value and insight while also developing  shared language and understanding amongst stakeholders participating.

[Read more...]

NSTIC Response by Identity Woman

Context for my response to the NSTIC Governance NOI

Table of Contents to Blog Posts of My Response

My Complete Response in PDF form Kaliya-NSTIC-NOI

Introductory Letter of the Response.

Context for my NSTIC NOI response

I surprised myself when writing my response to the NSTIC (National Strategy for Trusted Identities in Cyberspace)  Governance NOI (Notice of Inquiry).  I wasn’t sure exactly what I was going to say because the questions seemed like they were way ahead of where they should be interms of where things were.  I decided to begin by sharing important Context, Frames and Terms that were important before getting to the Questions of Governance and what should be done now.

I began with the word Ecosystem – what it meant and that a system was at the heart of this strategy not something simple or easily actionable.

I touched on the history of the Identity Community and how much conversation and intensive dialogue happened amongst that early community to get to a place where collaboration was natural and “easy”. A huge amount of effort went into developing shared language and understanding then and this is needed once again.  The range of self identified stakeholders for NSTIC is quite large (the range of not self identified stakeholders it could be said is everyone on the planet or at least all those with a digital connection (via phone or interent).

I put forward two different methods/tools/processes that could be used to form shared language and understanding across this stakeholder community Polarity Management and Value Network Mapping.

I suggest that the governance structure proposed a “steering group” actually have a mandate to regularly listen to and act on the recommendations of the system that are generated via 3 different well established dialogic processes (Creative Insight Council, World Cafe and Open Space Technology [What we use at IIW]. I then answer the NOI questions referencing the ideas above.

I am going to be posting the whole of my Response in a series of posts and linking them all from there.

I began with one earlier last week which is focused on “trust” both as an emergent property of the overall system AND as the current name of technology and policy/legal frameworks for identity creation.


Links to NSTIC Response Posts:

[Read more...]

We are not at War

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010″

This is completely the wrong frame to foster community collaboration.

Chris Messina at Google – Good for him, Google & The Identity/Social Web Community.

I was one of the first people to congratulate Chris Messina on his blog when he announced he was going to Google. It was a personal congratulations. I wasn’t sure if it was good overall for the open web vision or the community as a whole. In the end after thinking about it for a few days I feel it is a good move for them, for Google and for the community. The rest of this post explains why.

With Chris going to Google it gives them three seats on the OpenID board (Joseph and Chris are both community board members and Google has a corporate paying board member seat filled by Eric Sachs). It concentrates a lot of power at Google and I agree with Eran’s concerns from Marshall’s RWW/NYTimes article …why be “open” if you can just have an internal product meeting with Brad Fitzpatrick and a few other Googlers and “ship” a product without reaching out to others. I agree with the concern and I think there will be enough eyes on these individuals in particular and Google in particular to challenge them if they do that.

Thursday morning I sat at “geek breakfast” in Berkeley with a friend discussing Chris and Joseph’s move to Google. We mused about how many people we knew who “get social” have been at Google and because “Google didn’t get social” they were unhappy so they left, Kevin Marks being just the latest example leaving in the fall for British Telecom/Ribbit where he works for JP Rangaswami, the CIO who really gets open.
Given this, if “just” Joseph Smarr was going to Google he would be more “alone” trying to “do social right” at Google. Yes, he would have allies but no one quite as high profile as himself. With Chris Messina there too, there are now two major committed community leaders who can work the politics involved in helping Google to “get” social and actually do it right. If anyone has a hope inside that big company it is those two and I don’t think either could be as effective alone.
If Chris and Joseph fail, that is if they get frustrated and leave (which they can at any time they want cause they are very “employable” because of their profiles by a whole range of companies in the valley) then is a sign that Google doesn’t really “get” social and isn’t moving in the right direction in terms of supporting the emergence of an open standards based, individually empowering & social web.
With Zuckerberg’s statement’s about privacy and the recent actions by Facebook to make user-information public, Google has a huge opportunity to live up to its slogan of “not doing evil”. Over the fall Google made some promising statements on the meaning of open and took action spinning up the Data Liberation Front.
I know many people who currently are and have been at Google. All of them talk about how secure things are internally – it is not possible to go into their systems and “look up a user” and poke around at what they have in their e-mail, or what they have searched on or what is in their google docs. Algorithms look at people’s stuff there, not people. Google takes their brand and reputation for protecting people’s private information seriously. I am not particularly starry eyed about Google thinking they can do no evil – they are just a company driven by the need to make a profit. I worry that they might be becoming too dominant in some aspects of the web and that there are legitimate concerns about the monopoly power they have in certain market area.
I don’t see this as a Google vs. Facebook fight either. Chris, Brad, Eric, Joseph are all at Google & David Recordon and Luke at Facebook; they are all good friends socially and are just six people in the overall identity community made up of about 1000 people at 100’s of companies. Yahoo!, AOL, Microsoft (enterprise & MSN side), are all involved along with PayPal, Amazon, BT, Orange, Mozilla, Sun, Equifax, Apple, Axiom, Oracle, & many many more. They all come together twice a year at the Internet Identity Workshops and other events to collaborate on innovating open standards for identity on the social web.
I invite those who want to participate in the dialogue to consider attending the 10th Internet Identity Worskshop May 18-20.

I take the health of the identity community, its over all tone and balance quite seriously. I helped foster it from the beginning really starring in March of 2004 including 9 months from June of that year until January 2005 it was my first major job – evangelizing user-centric identity and growing the community to tackle solving this enormous problem (an identity and social layer of the web for people). I along with others like Doc Searls, Phil Windley, Drummond Reed, Bill Washburn, Mary Ruddy, Mary Rundle, Paul Trevithick, Dick Hardt, Eugene Kim & many others formed the identity community. Having put my heart, soul, sweat and tears into this community and working towards good results for people & the web, I don’t say what I say in this post lightly.

The Age of Privacy is Over????

ReadWriteWeb has coverage of Zuckerberg’s talk with Arrington at the Crunchies. According to him, the age of Privacy is Over. This is the quote that is just STUNNING:

..we decided that these would be the social norms now and we just went for it.

When I first heard it in the interview in the video I did a major double take – “we decided” ?? seriously? The we in that sentence is Facebook and clearly with Zuckerburg is at the helm – He could have said “I decided” and he as the CEO of a social network has the power to “decide” the fate of the privately shared amongst friends in the context of this particular social network for millions of people (see my post about the privacy move violating the contract with users). It makes you wonder if this one platform has too much power and in this example makes the case for a distributed social network where people have their own autonomy to share their information on their own terms and not trust that the company running a platform will not expose their information.

It is clear that Zuckerberg and his team don’t get social norms and how they work – people create social norms with their usage and practices in social space (both online and off).

It is “possible” to change what is available publicly and there for making it normal by flipping a switch and making things that were private public for millions of people, but it is unethical and undermines the trust people have in the network.

I will agree there is an emerging norm that young men working building tools in Silicon Valley have a social norm of “being public about everything”, but they are not everyone. I am looking forward to seeing social tools developed by women and actual community organizers rather then just techno geeks.

I will have more to say on this later this week – I was quite busy Saturday – I ran the Community Leadership Summit, yesterday I flew to DC and today I am running the Open Government Directive Workshop. While I am here I hope to meet with folks about Identity in DC over the next 2 days.

Demand for Web 2.0 suicides increasing

I went to the suidicemachine and got this message

We apologize to all our users for the breakdown of our service! Within the last hours the huge demand for 2.0 suicides completely overblew our bandwidth resources!

We are currently considering relocating to another serverfarm. Please consider suicide at a later moment and accept our apologies!

You can still try to catch a free slot, but chances are quiet low at the moment!

More from their site….

Faster, Safer, Smarter, Better Tired of your Social Network?

Liberate your newbie friends with a Web2.0 suicide! This machine lets you delete all your energy sucking social-networking profiles, kill your fake virtual friends, and completely do away with your Web2.0 alterego. The machine is just a metaphor for the website which moddr_ is hosting; the belly of the beast where the web2.0 suicide scripts are maintained. Our services currently runs with facebook.com, myspace.com and LinkedIn.com! Commit NOW!

You can even see video’s about what happens as one uses the machine.

ok the FAQ’s get eve better…..

I always get the message “Sorry, Machine is currently busy with killing someone else?”. What does this mean?
Our server can only handle a certain amount of suicide scripts running at the same time. Please consider your suicide attempt at a later moment! We are very sorry for the inconvenience and working on expanding our resources.

If I kill my online friends, does it mean they’re also dead in real life?
No!   

What do I need to commit suicide with the Web 2.0 Suicide Machine?
A standard webbrowser with Adobe flashplugin and javascript enabled. So, it runs on Windows, Linux and Mac with most of browsers available.   

I can’t see my friends being killed, what happened?
Probably your flash-plugin is older than version 10? But yikes – you cannot stop the process anymore! Once you entered the login details, the machine is running the suicide script.   

If I start killing my 2.0-self, can I stop the process?
No!   

If I start killing my 2.0-self, can YOU stop the process?
No!   

What shall I do after I’ve killed myself with the web2.0 suicide machine?
Try calling some friends, talk a walk in a park or buy a bottle of wine and start enjoying your real life again. Some Social Suiciders reported that their life has improved by an approximate average of 25%. Don’t worry, if you feel empty right after you committed suicide. This is a normal reaction which will slowly fade away within the first 24-72 hours.

Do you store any data on your webserver, like password of the user?
We don’t store your password on our server! Seriously, it goes directly into /dev/null, which is equal to nirvana! We only save your profile picture, your name and your last words! Will the 2.0 suicide machine be available for other networks such as twitter and plaxo? We are currently working on improving our products!. Currently we are working on Flickr and Hyves, but of course we are eagerly thinking of ways to get rid of our “Google Lifes”.   

How does it work technically?
The machine consists of a tweaked Linux server running apache2 with python module. Selenium RC Control is used to automatically launch and kill browser sessions. This all driven by a single python/cgi script with some additional self-written libraries. ?Each user can watch her suicide action in real-time via a VNC remote desktop session, displayed on our website via an flash applet rendered live into the client’s webbrowser. We are also running some customized bash scripts plus MySQL in the background for logging and debugging, jquery for the website and a modified version of the great FlashlightVNC application built in Flex. Web2.0 Suicide Machine consists of roughly 1800 lines of self-written code.   

Why do we think the web2.0 suicide machine is not unethical?
Everyone should have the right to disconnect. Seamless connectivity and rich social experience offered by web2.0 companies are the very antithesis of human freedom. Users are entraped in a high resolution panoptic prison without walls, accessible from anywhere in the world. We do have an healthy amount of paranoia to think that everyone should have the right to quit her 2.0-ified life by the help of automatized machines. Facebook and Co. are going to hold all your informations and pictures on their servers forever! We still hope that by removing your contact details and friend connections your data is being cached out from their servers. This can happen after days, weeks, months or even years. Just deactivating the account is thus not enough! [emphasis mine]

How much does it cost to kill myself?
Usage of Web 2.0 Suicide machine is for free.   

Can I build my own suicide machine?
Theoretically yes! You’ll need a Linux WebServer (apache2) with perl and python modules (php should be installed as well). Further, you’ll need VNC-server and Java packages by Sun to launch selenium-remote applets. If you feel like contributing or setting up your own machine, please get in contact with us via email.

Facebook Privacy Changes leave us “Socially Nude”

Read Write Web published a guest post by me about how the changes at facebook last week leave us Socially Nude.

Facebook’s Privacy Move Violates Contract With Users

Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable.

This represents just the latest instance of Facebook violating the contract it holds with its users. This is no small matter, either. Lots of people will have very real and valid objections to this arbitrary change to what’s public and what’s private on Facebook.

….an articulation of the nature of the social contract sites with social features have with users….

I wonder how many more times they will get strip us down, leaving our familiar social clothes and underware on the floor, and leaving us socially nude.

I think it is unethical and I agree with the concern that Jason Calacanis raises about how this will affect other Internet companies. “Facebook’s reckless behavior is… simultaneously making users distrust the Internet and bringing the attention of regulators.” This change will affect all of us working on building the new techno-social architecture of our society via the web.

FastCo Post on Governemnt Experiments with Identity Technologies

This is cross posted on Fast Company.

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).

How would you use this?–well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site–and you went back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

Spectrum of IDAnonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site–the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders–MySpace, Google, Yahoo!, AOL etc.

So how does this work with OpenID?

Typical OpenIDTypically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into–they redirect you to where that is hosted on the Web–you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog– it is known your words come from you and are connected to your own blog.

Using the OpenID with Directed identity–de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.

Directed IdentityWhen you go to login to a site you are asked to share not “your URL” but just the name of the site where your account is–Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a “directed identity” is created–that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID’s but you don’t have identifiers that correlate–that are linked across the Web.

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector–which selector helps you manage your different identifiers using a card based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.

The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.

Trust Framework are needed to get it all to work together.

From the press release yesterday:

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.

How do these go together–you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are “over 21″. Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.

You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address – they could “prove” using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.

Open Identity for Open Government Explained

Today the United States Government with digital identity industry leaders announced the development of a pilot project with NIH and related agencies using two of the open identity technology standards OpenID and Information Cards.

This is, as a friend said to me, a “jump the shark moment” – these technologies are moving out from their technologists technology cave into mainstream adoption by government agencies. We are seeing the convergence of several trends transform the way citizens participate in and communicate with government:

  • Top-down support for open government
  • The proliferation of social media
  • The availability of open identity technologies

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and videocasts.

Today there are over 500 government websites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government websites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

The challenge is that supporting this kind of citizen interaction with government via the web means that identity needs to be solved. On the one hand you can’t just ask citizens to get a new user-name and password for all the websites across dozens of agencies that they log in to. On the other you also can’t have one universal ID that the government issues to you and works across all government sites. Citizens need a way to interact with their government pseudonymously & in the future in verified ways.

So how will these technologies work?

Those already familiar with OpenID know that typically when users login with it they give their own URL – www.openIDprovider.com/username. (see this slideshare of mine if you want to see OpenID 101) There is a little known part of the OpenID protocol called directed identity – that is a user gives the name of their identity provider – Yahoo!, Google, MSN etc – but not their specific identifier. The are re-directed to their IdP and in choosing to create a directed identity they get an identifier that is unique to the site they are logging into. It will be used by them again and again for that site but is not correlatable across different websites / government agencies. The good news is it is like having a different user-name across all these sites but since the user is using the same IdP with different identifiers (unlinked publicly) but connected to the same account they just have to remember one password.

Information Cards are the new kids on the identity block in a way – this is their first major “coming out party” – I am enthusiastic bout their potential. It requires a client-side tool called a selector that stores the user’s “digital cards”. Cards can be created by the end user OR third parties like an employer, financial institution, or school can also issue them.

In essence, this initiative will help transform government websites from basic “brochureware” into interactive resources, saving individuals time and increasing their direct involvement in governmental decision making. OpenID and Information Card technologies make such interactive access simple and safe. For example, in the coming months the NIH intends to use OpenID and Information Cards to support a number of services including customized library searches, access to training resources, registration for conferences, and use of medical research wikis, all with strong privacy protections.

Dr. Jack Jones, NIH CIO and Acting Director, CIT, notes, “As a world leader in science and research, NIH is pleased to participate in this next step for promoting collaboration among Assurance Level 1 applications. Initially, the NIH Single Sign-on service will accept credentials as part of an “Open For Testing” phase, with full production expected within the next several weeks. At that time, OpenID credentials will join those currently in use from InCommon, the higher education identity management federation, as external credentials trusted by NIH.” In digital identity systems, certification programs that enable a site — such as a government agency — to trust the identity, security, and privacy assurances from an identity provider are called trust frameworks. The OIDF and ICF have worked closely with the federal government to meet the security, privacy, and reliability requirements set forth by the ICAM Trust Framework Adoption Process (TFAP), published on the IDManagement.gov website. By adopting OpenID and Information Card technologies, government agencies can cost effectively serve their constituencies in a more personalized and user friendly way.

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon — it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

Under the OIDF and ICF’s open trust frameworks, any organization that meets the technical and operational requirements of the framework will be able to apply for certification as an identity provider (IdP). These IdPs can then supply authentication credentials on behalf of their users. For some activities these credentials will enable the user to be completely anonymous; for others they may require personal information such as name, email address, age, gender, and so on. Open trust frameworks enable citizens to choose the identity technology, identity provider, and credential with which they are most comfortable, while enabling government websites to accept and trust these credentials. This approach leads to better innovation and lower costs for both government and citizens.

The government is looking to leverage industry based credentials that citizens already have to provide a scalable model for identity assurance across a broad range of citizen and business needs – doing this requires a trust framework to assess the trustworthiness of the electronic credentials; see Trust Framework Provider Adoption Process (TFPAP).   A Trust Framework Provider is an organization that defines or adopts an online identity trust model involving one or more identity schemes, has it approved by a government or community such as ICAM, and certifies identity providers as compliant with that model. The OIDF and ICF will jointly serve as a TFP operating an Open Trust Framework as defined in their joint white paper, Open Trust Frameworks for Open Government.

Both the OpenID and Information Card Foundation have been working very hard on this for many months – last night I was fortunate to their boards at a history first ever joint dinner.

There are two women in particular though who have driven this forward: Judith Spencer of the Federal Identity, Credential, and Access Management Committee on the government side and Mary Ruddy of Meristic Inc on the industry side. Both of them will be speaking about the project at the Gov 2.0 Summit on Thursday.

Personally this announcement shows how far things have come since I facilitated the first Internet Identity Workshop in 2005 with 75 idealistic identity technologies talking about big ideas for use-centric identity. I am really looking forward to discussing these developments at the forthcoming 9th Internet Identity Workshop in November.

ID biz models “in the future maybe” says Johannes

Johanne Ernst is a builder of Identity technologies (and one of the clearest thoughtful thinkers about identity technologies and markets. He just posted a great post about business models in the identity space. I know he has at various times tried raise money as an entrepruner in this space – so he has thought a lot about the business models.

For those of you who don’t know Johannes he developed Light-Weight Identity (LID) a URL based ID system at the same time Brad Fitzpatrick did at Live Journal and then participated in merging it all together into YADIS discovery which became woven together with OpenIDv1, XRI/i-names  and sxip to become OpenIDv2. He also was the first drawer of the identity triangle (OpenID, SAML, InfoCards) which evolved into the Venn of Identity.

Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

The mot important sentence is this one – Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

I take heart with what he has to say especially because he addresses it to a big part of what I do – organize (un)conferences to continue momentum for the field.

From his post:

Value-added services:
Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

So the verdict here is: perhaps in the future.   

So what’s an analyst, or conference organizer, or entrepreneur, or venture capitalist to do?

My take: Hang in there, keep the burn rate low, make no major moves, would be my advice. (Believe it or not, sometimes I’m being asked about my advice on this.) All the signs are pointing in the right direction, the latest being Google’s major OpenID push. Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

Sooner or later, at least the value-added services opportunity will emerge. Perhaps others. But so far it has not yet.

DiSo ideas are not that new.

Reading these:

A Perfect Storm Forming for Distributed Social Networking- Read Write Web

Evolution of Blogging – GigaOm

The Push Button Web – Anil Dash

The inside Out Social Network – Chris Messina

The Future Social Web – Jeremiah Owyang

I realize how incredibly ahead of the times I was along with many of the people I have been working with on open standards identity and social web standards.

I wrote this describing open standards for distributed social networking online in April of 2004f or the Planetwork Conference (from Archive.org)  that I was promoting.

———————— From Archive.org April 2004 ——————

ID Commons: Social Networking For Social Good: Creating Community Trust Infrastructure Through An Identity Commons

In 2003 the Planetwork LinkTank white paper The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet proposed weaving new layers of identity and trust into the fabric of the Internet to facilitate social networking for social good – online citizenship for the information age.

The LinkTank white paper outlined three main objectives:

  1. Establishing a new kind of persistent online identity that supports the public commons and the values of civil society.
  2. Enhancing the ability of citizens to form relationships and self-organize around shared interests in communities of practice and engage in democratic governance.
  3. Creating an Internet-wide system for more efficient and effective knowledge sharing between people across institutional, geographic, and social boundaries.

Currently each site with a login or membership profile is like an island, or at worst a walled castle, as no common inter-operation is possible among large numbers of them. Creating a truly interoperable network will require an explicit social agreement that governs the operation of the trusted network, and implementation of a new software protocol consistent with that agreement.

Identity Commons

[note this is a reference to the "first" Identity Commons - the current Identity Commons shares the values and some of the organizing principles of this first organization but evolved from it]

The Identity Commons is an open distributive membership organization, designed to develop and operate a common digital identity infrastructure standard based on the shared principle of protecting each user’s control of their own identity data. A common identity infrastructure must be embedded within a binding social agreement ensuring that the technology and its institutional users operate in accordance with core principles. In addition to developing this agreement, Identity Commons is managing the development and implementation of the new technology needed to achieve this as a fiscal project of Planetwork, a California 501(c)3 non-profit.

The Identity Commons is based on an implementation of two new OASIS standards:

XRI – a new identity addressing scheme fully compatible with URIs
XDI – specifies link contracts for shared use of data across the Internet

For more technical information see: http://xrixdi.idcommons.net

Once implemented, the Identity Commons infrastructure will:

  • Give individuals, organizations, and even ad-hoc groups persistent addresses (digital identities) that can be used in many ways. Each party can decide what their own address links to, and who can follow the links.
  • Provide single sign-on, enabling individuals to connect to multiple sites without having to provide a login and password to each.
  • Empower user/citizens to manage their own consolidated profiles, which will be likely to stay up to date as everyone maintains only their own master copy.
  • Generate network maps that enable communities to more efficiently understand their own membership, make connections, recognize patterns, filter messages, and self-organize around new topics and functions.
  • Provide collaborative filtering services based on knowledge and reputation databases where contributors can also control their own level of anonymity.
  • Enable group formation around common interests and affinities with reputation attributes for trusted communication, which could be the key to eliminate spam.

How is this different from what is already happening in the private sector?

Currently every web site has a privacy policy, but they vary widely, are rarely read, are only good until they are changed and are thus effectively useless.

The Identity Commons (IC) solves this by (1) replacing thousands of privacy policies with a single institutional membership agreement that simplifies the user experience. Every Identity Commons member site is party to a legally binding commitment that can only be changed by amending the IC membership agreement – which is governed by all IC members. And (2) by using electronic contracts to grant, record, and enforce data sharing across boundaries.

Ultimately there can only be one fully interoperable social network; just as email can travel anywhere on the Internet, your profile must also be able to do so. Microsoft would love to make this possible, and fully control it – their Passport system was designed to do just that. By hosting identity data for nearly everyone who has a computer Microsoft hopes to put themselves in the middle of every transaction they can.

In response to this, a group of large companies formed the Liberty Alliance which developed protocols that will allow institutions to “federate” data across company boundaries. Federation is an improvement over the Microsoft Passport model, however, both of these approaches treat individuals solely as consumers, and neither provide support for civil society, citizen collaboration or for individual citizens to control their own identity data.

The Identity Commons agreement and technical infrastructure is a way to correct this imbalance of power, allowing the Internet to fulfill its great potential as a “commons” in which individual citizens can interact freely and as equals everywhere on Earth.

————- end Identity Commons description from Planetwork’s 2004 site ———

Writing this document was the first work that I did as an evangelist for the proposed open standards for distributed digital identity to enable open distributed social networks.
I wrote it based on reading through all their work and listening to their vision of the founders of Identity Commons and those working together for 2+ years hoped for in the adoption of the open standards they were working on. These protocols are now all ratified in OASIS (one of three standards bodies for the internet the other two being IETF and W3C) – XRI, XDI along with XRD/XRD that spun out of XRI as it became incorporated in OpenIDv2 as a key part of what makes it work.

Identity that is user owned, controlled managed – and this includes the preferences, attention data, uterances, 1/2 of transaction data – is at the heart of what one needs to make this vision of distributed social networking work. I think until recently it has been misunderstood as esoteric and just talk – amazing progress has been made since the early days of the identity gang that community has grown and developed many of the conceptual understandings and protocols that are taken as givens.

Folks from what the identity community (and perhaps should consider “updating” its name to the identity and social web community).…invented – as in used for the first time these two words together Social and Web – SOCIAL WEB – (according to wikipedia)

With the title of this paper: The Social Web: Creating An Open Social Network with XDI

This paper was preceeded by the Augmented Social Network: Building and Trust into the Next Generation Internet

Like the Web or email, the ASN would be available to anyone. It would become a common part of the Internet infrastructure – a person-centered and group-centered service of the net. It will be implemented through the widespread adoption of technical protocols; any online community infrastructure could choose to be part of the ASN by implementing them. Central to its design are fundamental principles of openness, inclusivity, and decentralization — which are necessary for a thriving democracy. At the same time, the ASN would support the highest available forms of security to protect privacy.

The Identity Gang began talking/meeting in the later part 2004 and has continued to meet in the Internet Identity Workshop.

There is much wisdom that these communities have developed that can be useful in moving / re-articulating the vision… to be sure lessons are to be learned from understanding more about why certain approaches/standards/proposed ways of doing things didn’t happen (yet).

I think the market wasn’t ready for what the identity community was saying. As someone who has been evangelizing about this set of issues practically full time since 2004. In the first few years I would talk in a range of communities and at conferences about all these issues, user control, open standards the danger of the potential emergence of large silo’s that locked users in and people just “didn’t get” it was an issue or that there was even a need for these kinds of standards. Now the market is finally ready.

The 9th Internet Identity Workshop  is this November – and REGISTRATION IS OPEN!

There is a whole conversation on the DiSo list where I highlighted this context/history. There might be a beer meetup in Berkeley this evening at Triple Rock at 7:30.

Newspapers Dying – but we told you so…

Someone sent me this link from SF Gate this morning:

In the wake of the hugely depressing shutdown of the Rocky and the Seattle P.I., and with recent death threats to the SF Chronicle and what looks to be a savage year indeed for print newspapers everywhere, these big guns have all stepped away from their normal discussions of deep tech arcania and turned their attention to a 500-year-old technology undergoing its first epic, bloody revolution.

I know people who have been working and building the emerging web who have been trying to dialogue with those in the news industry for the last 9 years about what was happening and coming.

The grand upshot? They don’t really have any idea. But they have some curious, slippery, hopeful, but ultimately disappointing theories. Theories that, to my mind, consistently miss the mark, in at least one or two vital ways.

The dismissiveness tone of the article just sort of proves thew whole issue.

From Clay’s Shirky’s blogs Newspapers Think the Unthinkable:

The problem newspapers face isn’t that they didn’t see the internet coming. They not only saw it miles off, they figured out early on that they needed a plan to deal with it, and during the early 90s they came up with not just one plan but several. One was to partner with companies like America Online, a fast-growing subscription service that was less chaotic than the open internet. Another plan was to educate the public about the behaviors required of them by copyright law. New payment models such as micropayments were proposed. Alternatively, they could pursue the profit margins enjoyed by radio and TV, if they became purely ad-supported. Still another plan was to convince tech firms to make their hardware and software less capable of sharing, or to partner with the businesses running data networks to achieve the same goal. Then there was the nuclear option: sue copyright infringers directly, making an example of them.

It is as if when the web people say “i told you so” and “we tried to help” they plug their ears and continue to make noise so they just can’t “hear”.

continued from Clay’s essay…. The curious thing about the various plans hatched in the ’90s is that they were, at base, all the same plan: “Here’s how we’re going to preserve the old forms of organization in a world of cheap perfect copies!”

No technologists who are on the cutting edge of technology don’t know what is next – there are things people are working on in different corners – we are working on identity over here…Sem Web folks are working on their things. WE STILL DON’T KNOW but we do know it will arise out of the communities we are participating in and the emergent effect of the tools we use. The Newspaper people didn’t really roll up their sleeves and dive in to learn about the web and how to do what they do but in more interesting web ways (like linking in their articles that are online). Clay sites Craigs List as an example – of “we didn’t know” twitter is another more recent one.

Last year I worked with folks bringing the Journalism that Matters conference to Silicon Valley. I was hired specifically for my expertise in facilitating unconferences in geeky communities. They didn’t really want to hear what I had to say about what was needed in the event design to attract geeks (not that many came even though it was at Yahoo!). A month before the event happened they decided to just go ahead without further help/advice from me. I learned from this experience

  • They don’t understand web architecture (the first thing I told them was to get their online digital presence in order. – they had a different blog for each event, a bad late ’90’s site, they didn’t get how to organize a wiki).
  • Journalists work alone generally (making collaboartion with co-organizers on the conference a challenge).
  • There is a higher normative level of conflict in the tech world compared to the journalism world.
  • They are not experts in facilitating time/space for large groups of people (some how the agenda development was driven by the journalist’s need to “let certain people speak”)
  • They are in deep morning and loss for the way of their profession and were unable to engage/look at the future – they would need a lot of “emotional clearing” before they could think in new ways about the future.

There is one asset that was developed that I am quite proud of it is a value network map of the newsroom and the new news ecology.

Old News StoryEmerging News Ecology V1.0
I think these says a lot about what is going on and how to think about things in new ways. One of the reasons these got developed is they kept talking about “the news room” and I challenged the assumption that eveyone would know what that was.

Geeks and Social Algorythms

There is lots of coverage of the inventor of Dungeons and Dragon Mr. Gygax. I have spent a few days working with material about reputation and the difference between human knowing reputation and computational reputation. I have been thinking about how geeks and those coding social software and how for me as a community organizer it so often misses the mark. This excerpt made me chuckle cause it reminded me of part of the reason why. From the NYTimes:

Geeks like algorithms. We like sets of rules that guide future behavior. But people, normal people, consistently act outside rule sets. People are messy and unpredictable, until you have something like the Dungeons & Dragons character sheet. Once you’ve broken down the elements of an invented personality into numbers generated from dice, paper and pencil, you can do the same for your real self.

For us, the character sheet and the rules for adventuring in an imaginary world became a manual for how people are put together. Life could be lived as a kind of vast, always-on role-playing campaign.

Don’t give me that look. I know I’m not a paladin, and I know I don’t live in the Matrix. But the realization that everyone else was engaged in role-playing all the time gave my universe rules and order.

We geeks might not be able to intuit the subtext of a facial expression or a casual phrase, but give us a behavioral algorithm and human interactions become a data stream. We can process what’s going on in the heads of the people around us. Through careful observation of body language and awkward silences, we can even learn to detect when we are bringing the party down with our analysis of how loop quantum gravity helps explain the time travel in that new “Terminator” TV show. I mean, so I hear.

Keen attacks the “identity dog’s” right to exist.

In my home town paper the headline was Disconnect 1st Amendment from Internet hatemongers. The LA times version was Douse the Online Flamers: Faceless Internet sadists who ruin reputations don’t deserve full free-speech protection. Written by Andrew Keen the Cult of the Amateur guy – who wrote the book to get attention and blogs himself .

It begins with our little friend the “identity dog“.

THE CARTOON isn’t as amusing as it once was. “On the Internet, nobody knows you’re a dog,” one Web-surfing canine barked to another in that 1993 classic from the New Yorker. Back then, of course, at the innocent dawn of the Internet Age, the idea that we might all be anonymous on the Web promised infinite intellectual freedom. Unfortunately, however, that promise hasn’t been realized. Today, too many anonymous Internet users are posting hateful content about their neighbors, classmates and co-workers; today, online media is an increasingly shadowy, vertiginous environment in which it is becoming harder and harder to know other people’s real identities.

It goes into depth about several cases where anonymous online speech was harmful to people online.
And ends with him too..

All three of these cases indicate that the U.S. Supreme Court soon might need to rethink the civic value of anonymous speech in the digital age. Today, when cowardly anonymity is souring Internet discourse, it really is hard to understand how anonymous speech is vital to a free society. That New Yorker cartoon remains true: On the Internet, nobody knows you’re a dog. But it is the responsibility of all of us — parents, citizens and lawmakers — to ensure that contemporary Web users don’t behave like antisocial canines. And one way to achieve this is by introducing more legislation to punish anonymous sadists whose online lies are intended to wreck the reputations and mental health of innocent Americans.

I just finished reading Daniel Solove the Future of Reputation.
It goes in to great detail about the different forms that violations of privacy and reputation can happen and what the law has had to say about it.

One of the most important things to remember is that Virtue of Anonymity this is covered on page 139 of the chapter on Free Speech, Anonymity and Accountability (PDF).

The saga ofArticle III Groupie demonstrates how easy it seems to be anonymous on the Internet. A person can readily create a blog under a pseudonym or can post anonymous comments to blogs or online discussion groups. According to a survey, percent ofbloggers use pseudonyms rather than their real identities. Anonymity can be essential to free speech. As the Supreme Court has noted: “Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress ofmankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.”60 Anonymous speech has a long history as an important mode of expression.

Between 1789 and 1809, six presidents, fifteen cabinet members, twenty senators, and thirty-four congressmen published anonymous political writings orused pen names. It was common for letters to the editor in local newspapers to be anonymous. Ben Franklin used more than forty pen names during his life. Mark Twain, O. Henry, Voltaire, George Sand, and George Eliot were all pseudonymous authors. Indeed, James Madison, Alexander Hamilton, and John Jay published the Federal Papers under the pseudonym Publius. Their opponents, the Anti-Federalists, also used pseudonyms.62
Anonymity allows people to be more experimental and eccentric without risking damage to their reputations.63Anonymity can be essential to the presentation ofideas, for it can strip away reader biases and prejudices and add mystique to a text. People might desire to be anonymous because they fear social ostracism or being fired from their jobs. Without anonymity, some people might not be willing to express controversial ideas. Anonymity thus can be critical to preserving people’s right to speak freely.

He goes on to talk about the problems that non-accountable anonymous speech can create.

One page 148 he gets to Balancing Anonymity and Accountability. It covers “John Doe” Law suits and the Issues around Section 230 immunity – that ISP’s and other hosters like Yahoo! or even me on my blog are not responsible for what others say in online spaces we provide. The and cases that Keen points to are the result of the failing to find a way to apply Section 230 immunity well.

Solove proposes asks “What Should the Law Do?”

Although existing law lacks nimble ways to resolve disputes about speech and privacy on the Internet, completely immunizing operators of websites works as a sledgehammer. It creates the wrong incentive, providing a broad immunity that can foster irresponsibility. Bloggers should have some responsibilities to others, and Section 230 is telling them that they do not. There are certainly problems with existing tort law. Lawsuits are costly to litigate, and being sued can saddle a blogger with massive expenses. Bloggers often don’t have deep pockets, and therefore it might be difficult for plaintiffs to find lawyers willing to take their cases. Lawsuits can take years to resolve. People seeking to protect their privacy must risk further publicity in bringing suit.

These are certainly serious problems, but the solution shouldn’t be to insulate bloggers from the law. Unfortunately, courts are interpreting Section 230 so broadly as to provide too much immunity, eliminating the incentive to foster a balance between speech and privacy. The way courts are using Section 230 exalts free speech to the detriment ofprivacy and reputation. As a result, a host ofwebsites have arisen that encourage others to post gossip and rumors as well as to engage in online shaming. These websites thrive under Section 230’s broad immunity.

The solution is to create a system for ensuring that people speak responsibly without the law’s cumbersome costs. The task ofdevising such a solution is a difficult one, but giving up on the law is not the answer. Blogging has given amateurs an unprecedented amount ofmedia power, and although we should encourage blogging, we shouldn’t scuttle our privacy and defamation laws in the process.

He concludes

FREEDOM ON BOTH SIDES OF THE SCALE
Words can wound. They can destroy a person’s reputation, and in the process distort that person’s very identity. Nevertheless, we staunchly protect expression even when it can cause great damage because free speech is essential to our autonomy and to a democratic society. But protecting privacy and reputation is also necessary for autonomy and democracy. There is no easy solution to how to balance free speech with privacy and reputation. This balance isn’t like the typical balance ofcivil liberties against the need for order and social control. Instead, it is a balance with liberty on both sides ofthe scale—freedom to speak and express oneselfpitted against freedom to ensure that our reputations aren’t destroyed or our privacy isn’t invaded.

As I have tried to demonstrate in this chapter, a delicate balance can be reached, but it is not an easy feat. In many instances, free speech and privacy can both be preserved by shielding the identities ofprivate individuals involved in particular stories. With the Internet, a key issue for the law is who should be responsible for harmful speech when it appears on a website or blog. Much speech online can be posted by anybody who wants to comment to a blog post or speak in an online discussion forum. Commentators can cloak themselves in anonymity and readily spread information on popular blogs and websites. The law currently takes a broadly pro–free speech stance on online expression. As a result, it fails to create any incentive for operators ofwebsites to exercise responsibility with regard to the comments ofvisitors.

Balancing free speech with privacy and reputation is a complicated and delicate task. Too much weight on either side ofthe scale will have detrimental consequences. The law still has a distance to go toward establishing a good balance.

Andrew Keen is an ‘attention seeker’ (I had a ruder phrase in here but thought better then to publish it)- he is writing to be provocative, get attention and called upon to play the role of the ‘other side’ in a community that is experimenting with a range of forms of openness that challenge traditional or entrenched ‘expertise, authority and hierarchy’. Those threatened by emergence of power via new technologies ‘like’ what Andrew has to say. I think it is irresponsible for Andrew to call to the end of the First Amendment’s protection of Anonymous speech online because some small percentage of people are hurt by this – clearly there needs be some evolution in the law and the practices that we have to balance privacy and freedom.

IC and Data Portability

Here are some question asked in a recent conversation on the dataportability.org lists about IC along with my responses.

Maybe the Identity commons should be trying to set boundaries as being purely about identity?

An “open identity layer” that touches so much and there needs to be a “common space” to nash through the vastness of the problem – to deal with the technical, social and legal issues around people sharing their information in community and business contexts. We have this ultra extensible form and broad purpose to enable this to happen – there is “no committee in charge” no “one” or “company” or “group” is deciding what we “do” – we are a loose conglomeration that shares vision and values. Working independently but connectedly and commited to collaboration. It It is an ‘unconventional’ model that that is working to supposed and connect diverse conversations and technical efforts together.

Can we instead resolve that we promise to incorporate any decisions made by Identity commons as being part of our blueprint?

There are no “decisions made by Identity Commons” read our principles – we are a cluster of working groups that work independently.

Your blueprint (as a side note why there is still ‘one blueprint’ and not ‘blueprints’ plural at the very least or preferably ‘reference implementations’ in the plural form is still a mystery to me) will likely draw on tech stuff groups in IC have been working on for a while. Why not be a part of the ‘commons’ that they are a part of?

My perception of IDCommons is that it’s about Identity, and in your words, interoperable user-centric identity.

Most of the people who have been involved for the past several years got involved to help people have control of their ‘data’ – their identity the informatoin about them is part of what composes their identity. they didn’t get involved to ‘invent’ an identifier layer that didn’t “do” anything

I see DataPortability being about data sharing (in a technical sense)Identity is clearly a very important part of that but I don’t see much at all on IDCommons about data sharing. It’s as though DP has a wider scope of which IDCommons is a major part.
The exceptions to this view are

  • Identity Schemas group
  • Photo Group
  • Data Sharing group

None of which seem to have much activity.

* OpenID has attribute exchange and Discovery in it – all about data sharing.
* Higgins & Bandit and the Pamela project ALL about infrastructure for card based tools that are all about data sharing for people.
* Project VRM all about how to create a new industry model to revolutionaize CRM and put individuals in charge of their data in radical new ways when relating to companies they do business with.
* I-brokers – their job is to stor data about people and have it be trusted.
* IRA – Identity Rights Agreements – all about how we create human understandable terms of service and norms in this area (it is a huge project and has interested folks but really needs a multi hundreds of thousands of dollars in legal work to ‘do it’).
* XRI and XDI two standards with roots in IC all about data sharing that can be applied to both peoples personal data and other forms of data that have nothing to do with people.
* OSIS is the Open Source Identity System and having its 3rd Interop event at RSA (The major security conference) in April with over 200 tests between relying parties, identity providers and (user-agents) card selectors. this group is ‘only’ a working group of IC (it does not have its own independent legal entity/or affiliation with another one as a project). People moving data around is what all this card stuff is about.

So. I am not sure where we have groups that are not in some way focused on this problem area.

DP is just the latest in a long line of initiatives that recognises the same underlying problem but none of the previous initiatives have captured mind share or really got traction.

Our goal is not to ‘capture [public] mind share’ (does the W3C, OASIS or IETF capture public mind share?) our goal is to facilitate the range of technical, social and legal initiatives that all need to happen to get and identity layer of the web – that shares people’s data in privacy protecing, conveninent and under their control. It is a huge problem – with many elements – having a loose community structure (with a slight bit of formalization) is actually working in some way to move this forward.

I think we’d be missing a lot if we scoped DP as a specialization of an “open identity layer”.

What do you think moving peoples personal information arournd – data portability is about. It is about building an ‘identity layer’ of the internet – for people and people’s DATA.

Chris has said a few times the scope of DP is to be narrow for now and focused on solving the data portability issue between mainstream social networks. This seems like something that fits into the purpose quite well.

Yes all data for all things needs to be moved around AND a good deal of data is created by people for people about people and the things the they do – hence the synergy.

Seems like semanitcs – when we wrote this purpose about two years ago this was the best we could do to describe this ‘vision’ it is VERY broad.

If DP wants to go beyond ‘people’ data that needs to move around GREAT – however much of that will be created by organizations and companies (that have identities).

Related Posts: What is Data Portability.org
What the Heck is Identity Commons?

What is Data Portability.org

I have like many working for years on different aspects of building an identity meta-system where users have control. have been listening to and in some cases contributing to the conversations at dataportability.org for a few months.

There seems to me to be two different but interrelated energetic focuses in the DP group

* one is evangeslistic and pushing a message out – out into the mainstreatm.

* the other is technical – around what tech to use, how to implement it, what ‘action to take’. (much of the activity around technical side of the identity stuff needed has been happening in the context of the Identity Commons community for several years)

* the policy group is relatively quite in DP (and at IC) this critical aspect is needed but there has yet to be a center of gravity around this in the world yet. When I look out on the landscape I see several nascent conversations and hope that those nascnet conversation leaders can be brought together – so a gravitational center that is collaborative between all the trains of thought can form and really get this to happen (it requires significant funding – brain power etc).

One of the community leaders said “the value of DataPortability is that it is a brand that can represent multiple communities.”

Another leader stated this “DP has a very specific goal. To research, document for mainstream consumption and evangelize best practices for DataPortability.”

It got me wondering about what DP’s brand “is”, if the primary focus “building a brand” and what will/does the brand mean and what does the organization do? The following are some crystalized ideas based on listening to and participating in the conversation. They are all very interesting possibilities.

* Does having the logo on your site mean something about how much control you give ‘users’/people the ability to move their data?

* Does it mean that ‘shared’ user data – the relationship that one user has with another or a record of a transaction that I did with a company – do both parties ‘own’ that information and have shared control over where it is ‘ported’ around?

* is it a public rallying call for ‘netizens’ to rally behind to demand that they have ‘data portability’ and with this large netizen organization go to ‘social network providers’ nd ‘demand’ that they install technology to make it easy?

* is it a ‘trade’ association of technology sites that agree to adopt open standards, do testing and hold each other accountable in getting this to happen?

* does it innovate the strong ‘business case’ for companies with large numbers of users (and those starting to grow the number of users) might actually spend development dollars that enable DP rather then ‘do it later’ after other key features are rolled out?

* is it a movement of advocates and net early adopters who want to create a buzz and “move” large social network providers to invest in the standards and technologies needed to support people being able to move their data?

* is it a place where the technical issues in making this vision a reality are figured out and the ‘answers’ (reference implementations) are promoted?

* Is it an ‘open brand’ that anyone can point to and ‘define’ for themselves and say they do it?

* Is it a brand like OSI (Open Source Initiative)that has an a process that defines what is and is not qualified ‘open source’ licence?

* Is it a brand that holds events to talk about the broad subject of Data Portabilty – (a vast problem – with many potential solutions)?

* Is it a “Movement” lead by a charismatic leader or group that has ‘followers’ (think Free Software as an example of this kind of movement)?

* is it an umbrella/coordinating space for different sector groups to find each other and collaborate on the shared by different problem space (health care, insurance, retail, nonprofit groups, airlines etc – etc) in an extensible way?

There is a related post about Identity Commons and DP
and What the Heck is Identity Commons?

Your ‘dead’ but you are not really dead.

From Slashdot:

According to MSNBC, thousands of U.S. citizens have wrongfully been declared dead, due to an average of 35 data input errors per day by the Social Security Administration (SSA). Many other agencies rely on the data provided by the SSA, such as the IRS. People who have been wrongfully declared dead face many problems, such as rejection of tax returns, cancellation of health insurance, and closure of bank accounts. The article states, ‘Input of an erroneous death entry can lead to benefit termination and result in financial hardship for a beneficiary.’ Apparently it is far easier to declare a person’s death than it is to correct the mistake. It continues, ‘Social Security says an erroneous death record can be removed only when it is presented with proof that the original record was entered in error. The original error must be documented, and the deletion must be approved by a supervisor after “pertinent facts supporting reinstatement” are available in the system.'”


From MSNBC
:

In all, Social Security officials had to “resurrect” 23,366 people from January 2004 to September 2005. In other words, over a period of 21 months, Social Security was presented with irrefutable evidence that it had been “killing” more than 1,100 people a month, or more than 35 a day.

Garbage in, garbage out
The problem begins at the Social Security Administration, keeper of most of the records tabulating deaths in the United States. Like other government agencies, the IRS, with whom Todd has most recently tangled, relies upon Social Security’s database, said Dan Boone, a spokesman for the IRS.

When Social Security determines that an eligible current or future beneficiary has died, it closes the person’s entry in its Case Processing and Management System, or CPMS.

The system is only as good as the data it receives. Sometimes, that isn’t very good.

Todd, for example, was killed when someone in Florida died and her Social Security number was accidentally typed in. Since then, her tax returns have repeatedly been rejected, and her bank closed her credit card account.

“One time when I [was] ruled dead, they canceled my health insurance because it got that far,” she said.

Toni Anderson of Muncie, Ind., expired when someone in the government pushed the wrong button, making the records declare that it was she, not her husband, John, who died Nov. 8.

Social Security even sent this letter: “Dear Mr. Anderson, our condolences on the loss of Mrs. Anderson.”

Commentary:

This is just one of a huge set of issues that arise from massive government databases that are maintained by people (who make mistakes). It a reminder that the ‘massive government database in the sky that determines who is and is not ‘alive’ or ‘dead’ is or is not a person is not going really the answer to identity problems – increasing reliance on them could make things worse.

Daniel Solove makes this point that bureaucracies don’t take care of people’s information well because they are data systems full of abstractions.

Bob Blakley talks about the fact that

Privacy is not about keeping personal information secret. It’s about ensuring that people who handle personal information respect the dignity of the individuals to whom that information refers.

Killing people in government databases before they are dead is not dignified.