Provenance

PROVENANCE is rather a nice word. I hadn’t really come across it before a month or two ago, which is weird considering I am English. It means protecting our word; here is Wikipedia’s better definition. I see it like this because it is to do with saving the truth. George Orwell’s 1984 was all about re-writing history, living a lie. Provenance is about preserving history.

So why the interest from my side? Well everything we do online is written digitally somewhere, and I think it would be good if our word is protected, its integrity is protected, even after we die.

Can I have back my digital identity please?

I heard a funny story last night. Imagine you are at the bank, and decide to change banks. You don’t like your bank anymore. So you say to them “can I take my identity with me please?”. Of course the bank refuses. Quite rightly in a way, because they may have your details in a database, but don’t have your identity. Your identity, or your digital identity, is scattered in databases, directories, Excel and Word files across the globe. You have no control, you cannot claim back your digital identity, because it is not an identity. Your identity is what you have in the physical world. You only have a digital identity if you own it and control it. This of course is not possible… or is it?

So you think you control your identity?

So what makes your identity strong? Is it you?

Think about this… it is not what you say about yourself that makes your identity strong, it is what other people say. Clearly you have some influence, but it is not you that makes your identity strong; one could say it’s your reputation that is the backbone of your identity’s strength. Or is it?

I’ve been thinking about this lately, because you know it really doesn’t matter whether you have a good or a bad reputation. So long as you have one, and people are talking about you, your identity is strong. Your identity cannot be stolen. The persons with the strongest identities are prominent figures nationally and internationally. A good President or a bad President, it doesn’t matter, their identities are strong.

So does your identity=reputation? I made a post about this last month. I also published a paper in 2010 on this very subject. My conclusion both times was no, they are different, and need to be treated differently. This is true. Nevertheless I need to evolve this thinking a little, as it was missing some important observations.

The fact is the more references, i.e. people that refer to you, the stronger is your identity. Hence your identity is strengthened by exposure, and then by others pointing back at you, and saying that you are who you say you are. This is not reputation, this is your personal ecosystem. It is what they say that makes your personal ecosystem vibrant with positive or negative energy, i.e. your reputation.

So what? Well, if it is so straightforward, then it should be possible for your digital identity to be equally strong. As long as the reference points (other digital identities) can point at a single digital identity (you) and claim that you are who you say you are digitally, then it should work, right?

I want a drink!

Yes, so you are under 25 years and want to buy a bottle of wine… or maybe something stronger from your local liquor store.

– You are asked for ID to prove you are old enough
– You produce ID
– ID that includes your name, date of birth, nationality, and your favourite colour and sexual orientation…. okay so I’m joking, just a little bit, here…

The problem is that the liquor store only needs to know if you are old enough to buy alcohol, nothing more…. why are we sharing so much of our personal information unnecessarily?

So what are you digitally?

You are a record in a database, an object in a directory (if you are lucky), an ID card, a line of text and numbers in a spreadsheet or a Word file. You are all of these and nothing… literally, when thinking about what you are digitally.

Then let us link this into your digital communications, or what I prefer to refer to as your ‘digital interactions’… oops, there is no linkage… umm, this means you are 1s and 0s in cyberspace, with nothing connecting you, your digital identity, with your digital interactions… seems rather sad.

So when is a digital interaction not a digital interaction?

When the identity and associated roles that trigger and consume the digital interaction are not an integral part of the process. This means that participating parties cannot be held legally accountable for their actions. The principal consequence is a lack of absolute traceability in your organisation and, if there are legal requirements, a need for manual paper processes to run in parallel with the digitised processes.

There are additional consequences:

  • A lack of traceability gives limited transparency, which means you don’t have control over the information in your organisation.
  • When legality comes into play, there is the extra cost of running the digitised process in parallel with a manual process.
  • From a compliance perspective, although you can assign responsibility to roles, you cannot tie accountability to the responsibility, because the so-called identities and appointed roles are not really a part of the digital interaction.
  • From a security angle, the risks to the integrity and confidentiality of your information are increased, as the identity, or the lack of a strong digital identity, weakens the complete digital interaction/cycle.

Although many identity products claim to solve this problem, they do not. The reason is that they are based on the use of a digital identity, and as I mentioned in the first post in this series, digital identities as used in the main today are not identities at all! They weaken with exposure, which does not reflect the real world, where our physical identity strengthens with exposure. They are not people-centric but database/directory-centric. This presents significant risks to the integrity and confidentiality of all digital interactions.

So, returning to the original question, the answer is: when the digital interaction is pulling identities from a database or directory, not from the identity holder. What is needed is to weave into the digital interaction a digital identity that is centric to the individual, one that is strengthened by reference authorities. This is a true digital interaction; anything less is not a digital interaction at all.

Turning the identity thing upside down

Haven’t you thought it strange that your digital identity becomes weaker the more it is exposed? In fact, is it an identity at all? After all, it is only a record in a database, or an object comprised of attributes in an X.500 tree, or something written on a plastic ‘ID card’. It is all of these, and replicated, maybe in hundreds of instances, accurately and inaccurately, all over the world.

In fact where is your digital identity? Is it real? If it is real then why do you have no control over it?

Why does your digital identity not reflect exactly how your physical identity works in the real physical world? When you are born you are referenced, i.e. probably starting with your parents declaring that you are their son/daughter and what your name is (your identity), relations and friends do the same… your identity strengthens. You start kindergarten and school, perhaps you have been assigned a national id number…. you are referenced, every reference to you strengthens your identity. The louder you shout, the more famous you become, the stronger your identity grows. In fact the President, Prime Minister, King, Queen, etc., probably have the strongest identities.

It is difficult to commit identity fraud on strong identities. So I return to my first question, why does it not work the same in the digital world?

Glad födelsedag – Happy Birthday – for your Swedish ID#

I was surprised when taking a coffee with one of my colleagues in the office. She received an SMS from another of our colleagues thanking her for the birthday greeting. When I asked her how she knew, she said she found it online at http://www.birthday.se/kontakta-oss/Default.aspx. She then told me when my birthday was and even showed me a map to where I lived (although they did get this wrong). Nevertheless, surprise became horror. I had already removed my details from www.hitta.se, only to find myself at another site. So I asked a previous colleague of mine (Martin Da Fonseca), who studied security law in Sweden, whether this was in fact legal. This was his response.

“It is legal. The service provided by Upplysning.se is regulated in Kreditupplysningslagen (credit information legislation) (1973:1173).

I believe the service provided by birthday.se is using (or exploiting) the fact that this information is considered “public information” (allmän handling), because it is stored at a government agency. As part of Tryckfrihetsförordningen (“freedom of press”, sort of) (1949:105) 2:1 it says that every Swedish citizen shall have the right to access to public documents. All documented information that a government agency has is to be considered public. This is also regulated by Sekretesslagen (official secrets legislation) (1980:100), which states when information is to be considered secret and not part of public documentation. Personuppgiftslagen (1998:204) is also in effect here; it is applied on the actual agencies storing the information. And perhaps to some extent on companies like Birthday.se, depending on what they do with the information (if they store it).”

Should I really be surprised? Not really; as mentioned, it’s not the first time in Sweden I’ve needed to remove my personal information from some public register. And getting it removed is a pain: many phone calls, and then like magic it pops up again a year or two later! I believe that this is in direct contravention of the EU directive on Data Privacy. Am I wrong here? Surely I must be? Although Sweden is quite ‘transparent’ in how it operates, there is much trust between the government and its citizens that makes Sweden quite unique. Transparency is a part of the EU directive, although we should give our consent to sharing personal data. Maybe I have done this automatically by becoming a resident of Sweden. The personal ID is not compulsory in Sweden, but it’s just about impossible to operate without it. Just try taking out a prescription at the chemist without this ID: you can, when they realise that they have no choice, like what happened when I lost my ID, but it takes time and is very annoying if you end up with someone who insists on following the rules. This ID is shared everywhere and is really easy to get hold of. It is composed of date of birth (which you can find on www.birthday.se), yymmdd-xxxx, and four digits that are even if you are female and odd if you are male.

There are cases in the U.S. whereby the addresses of car drivers were public until some celebrity was murdered due to the availability of this information. This is evidence that placing this type of information in the public domain is dangerous! Does this mean that Sweden has worse data privacy for its citizens than what is found in the U.S.? Is this possible for a country of the EU?