Wednesday, November 28, 2012

Why you shouldn't let Big Data run with federated ID

Reposted from Op Ed News

NSTIC, FICAM and other digital federated ID projects make a meal out of you 

Perhaps by overstating the obvious it might mirror exactly how obnoxious it is to hear the Dept. of Commerce’s privacy apologists tell us how “okay” it will be if we just allow them to decide what’s private and endorse federated ID for the Net along with them.

Here’s an illustration we can all relate to in adult terms. 

Everyone knows that girl from High School who went on to be a stripper.  Maybe she lived in a tough neighborhood, was exposed to high levels of impropriety, had little guidance or privacy protection. She had inadequate education and exercised very poor boundaries.  One day she became well compensated for “sharing” with gentlemen who paid to see it. One guy got interested in taking a few action snapshots without her notice or care. He started selling them to anyone who would pay.  He kept all the profit and didn’t bother telling the stripper. 
If the shoe fits....

His logic? She’s public anyway. So it’s allright to expose her for his direct profit indefinitely. 

Anyone with basic decency and a conscience understands why this scenario is unethical for a variety of reasons.

Let’s change up the scenario.  Let’s say the stripper from your High School is actually you when you signed up for a Facebook or a Gmail account. You don’t know enough to read the privacy notices or even care about your privacy because all you’re interested in doing is sharing. You delight all the ogling eyes you can dazzle. You are getting loads of new friends and attention and you feel special on the technology stage they gave you. Big Data comes along makes a record of what your doing. They take a few pictures and sell your information to: marketing firms, US intelligence firms, data mining aggregates, researchers, curious idiots, your employer, and finally the very people you don’t want to have that information because they know you are avoiding them.

Do you suddenly figure out you need to get some pants on, change your privacy settings and stop sharing so much?  Is it too late because your information has the same proliferation as Pamela Anderson’s sex tape?  I would say so.  She has copyright called public image limited and has a great legal defense team. You on the other hand didn’t think ahead enough. You were ignorant of the value of online reputation or data capital. 

Now let’s take a hard look at Harry Big Data.  You’re not getting any apology from him.  He’s made a lot of cash on your personal information.  He will keep making money from your information because he believes it belongs to him.  At some point he goes back to you and says that you and everything about you actually belongs to him because he takes the backend snapshots of you. Somehow that makes you public property. His lawyers are on standby to back him up.

This is an example of live legal argument getting tossed like a volleyball between Stanford, Harvard and MIT. Only it’s not your “dirty pictures”. It’s your entire digital dossier; which engrosses your family, your employment and perhaps everything else about you.

They tell you it’s public.  They tell you they own it.  They sell it.  And one day they will tell you they own you.

It’s already happening. 

There is a segment of Data Hedge capitalism that is actively engaged in identity policymaking at NIST with this means to that end. They are dominant players in the National Strategy for Trusted Identity in Cyberspace, a federated identity initiative. The idea is to link an authenticated credential directly to your real identity for a comprehensive log in “ecosystem” online.  Governance “needs to know who is using the Internet”. Sound familiar? That may be because NSTIC includes the US government’s digital version of Real ID.  

By NIST’s explanation both everything and nothing about you is hidden from both commerce and government when you go online in the ecosystem. Confused? That’s why they’ll need you to volunteer up for it.

Feel pushed? There’s a good reason for that.

The businesses involved with the US Dept. of Commerce and NSTIC have become very rich from the sale and exchange of your data. They believe if they collected enough about you and sold enough of your information on a frequent enough basis, they now have the mindset that they own your identity.  Who you are becomes what is theirs.  Very few technology lawyers are going to defend you.  You will get an apology and an explanation, but you won’t be getting any royalty check and you certainly won’t be part of Big Data’s profit distribution base.

You understand you played only a small part in this salvage yardsale of your identity, but you still played a part.  

If you volunteer up for any one of NSTIC’s federally funded offshoots like: Open ID, digital drivers licenses, biometric passports for exhibit on smartphones, or agree to federate your Social Security Number as your log-in online, this is a way to manufacture consent and legalize a digital brand of human trafficking.

Remarkable in it’s calculation, NSTIC still has managed to regard for the public’s role of consent in governance.  

There are many irons forged in the fires of lawmaking today which do not suit the public interest.  A comprehensive, voluntary federated ID “ecosystem” endorsed and standardized by the US government just happens to be one of them.

No comments: