Last week I did an interview with Forum One Communications about Identity and OpenID. For those of you who don’t know about Forum one they are doing a lot of good work connecting online community managers and online community platform providers and companies who have online communities related to their business. They have the Online Community Research Network and publish the Online Community Report I helped facilitate the Online Community Unconference and recently attended the Online Community Summit.
I thought it was going to be a recorded interview – like a podcast. It was instead a sort of group live chat interview. The questions were good and build upon each other. You can see it here. I hope that some of the people actively involved in online community will come and participate in some of our activity addressing identity issues online.
Identitification
What does 'federally approved secure licenses" mean?
My Husband Brian who forwards me articles from the mainstream press about identity sent me this article Feds Strike ID Deal Over NY Licenses
Saturday’s agreement with the Homeland Security Department will create a three-tier license system in New York. It is the largest state to sign on so far to the government’s post-Sept. 11 effort to make identification cards more secure.
Why Can’t they Here Us? Identification Cards don’t make us m ore secure. They infringe on our rights.
Article continued…
Under the compromise, New York will produce an “enhanced driver’s license” that will be as secure as a passport. It is intended for people who soon will need to meet such ID requirements, even for a short drive to Canada.
A second version of the license will meet new federal standards of the Real ID Act. That law is designed to make it much harder for illegal immigrants or would-be terrorists to obtain licenses.
A third type of license will be available to undocumented immigrants. Spitzer has said this ID will make the state more secure by bringing those people “out of the shadows” and into American society, and will lower auto insurance rates.
Incomplete Identity: Auren on Identity at Stanford Law
I was invited by Auren Hoffman (Rapleaf Reputation 3861) to see him talk at Stanford Law school this afternoon. So I Trecked all the way down there. I had high hopes given the description . . . …
Portable Identities and Social Web Bill of Rights
The future world of portable identities, reputations, and social graphs has many pluses and concerns. These portable systems could make the benefits of personalization, once only relegated to science fiction, a reality. The Social Web Bill of Rights makes the claim that users have the right to portability. But there are privacy implications to take into account as well. We will discuss an opt-out vs. and opt-in approach on data collection, privacy, and portability.
———
but I was disapointed. I first met with Auren in a Starbucks before Rapleaf was launching many years ago (in internet time). I had not seen him since despite inviting him to every Internet Identity Workshop since then.
When opening the talk the Stanford student gave the the description given of Auren’s goal with rapleaf was this “Enabling people to look up the online reputation of others. Making it profitable to be ethical.”
He opened articulating the basic components of the ‘ Social Media Users Bill of Rights‘
You Own:
- Your information (basic info about you -address height etc – and preferences)
- Your Social Graph
- Your Activity Stream
The key things for this to work control over who accesses it and the freedom to grant persistent access
He also had a slide that mentioned that it be verifiable (???) I was confused by this and was not sure where it was drawn from and was not further articulated. As a side note one of the things that Bob Blakely (currently of the Burton Group previously blogging here) talks about Privacy is “the ability to lie about yourself and get away with it”.
Ok back to Auren’s talk.
Portable (identity, reputation and social graph).
Why is this important – because of the Tyranny of wasted time ‘refilling all those forms out’.
Portability of identity (in the way he used it) was articulated as – it is just information about you that basically is self asserted.
Social Graph portability was just briefly referenced about ‘the people you are linked to’. There was no discussion of one of the main concerns – a ‘social link’ is between two people and moving that information from one context to another should have the consent of the party that a link is asserted about. Update:Having completed the post and understanding their data-aggregation model that fits into their business model they explicitly mush peoples social graphs together from different sites to create an aggregate social graph that as far as I can tell is not visible to the user. Distinguishing and keeping separate context is not what they do.
He asked rhetorically “What is your identity” and then mushed claims and preferences together as if they were all the same kind of identity information (where you live, what you buy, what movies you like, your sexual preference).
He talked about why several efforts in the past have failed. He said that Passport failed because it was an ‘opt-in’ system that very sites would integrate.
I thought this was an interesting assertion. I guess it was opt-in on the part of the relying parties – but the reason the didn’t opt-in was because there was only one Identity Provider and they didn’t want to be locked into only getting identities from them. Individuals had no choice but to get their identities from Microsoft to use the system. This whole reasoning was not articulated for the students though.
The failure of Passport he said proved the difficulty with the opt-in way.
The ‘reformed Microsoft’ vision of an identity meta system and particularly the Laws of Identity that inform the whole current conversation of portable identity were never mentioned.
Reputation he said was (sort of) context dependent. My internal reaction was “SORT OF? it is completely context dependent”.
He talked about Credit scores (opt out) as a white list and captchas that prove you are not a robot. I didn’t quite get what Captchas had to do with portable identity – it seemed to be a leap that was mad in his logic that was not articulated – if you have white lists (like credit scores) that prove you are a ‘real person’ then you don’t need captcha’s. At least that is what it seemed to me he was saying.
He said that Whuffie was a social currency from doing nice things articulated in Down and Out in the Magic Kingdom.
This part was nice the chart articulated the Benifits and Challenges of Opt-In and Opt-Out systems.
Opt-In | Opt-out | |
Benefits | User Decides | Critical Mass High Adoption Rate |
Challenges | Few Users No one wants to integrate |
Peoples Privacy |
He continued talking about the privacy implications of portability. He articulated that companies should show people all the data they collect about them. He raised the issue about cookies and how ‘freeked people out’ when first introduced but now are normal. He also said that technogrpahics and behavioral Ad networks should share data.
He said that more data collection is inevitable – but at least we can have control over this data. We are not going to stop them taking data about us. We should require to tell us what data collect about us.
He said that privacy is a Grey Area but not reference any of Solove’s work on the subject of identity and privacy, information systems and law.
He did not suggest any tools for doing this or how we would audit and check on their collection accuracy or honesty. Omitting these made it all seem the goals of the user-bill of rights were just dreams really far off. There was the
Datasharing Summit that spoke a lot about this – there is the Higgins framework (although in its infancy it has working demonstration code) that has some core tools to do this for people and the sites that have information.
At this point we had questions and I challenged – Auren on his assertion about the draw backs of Opt-In. I said that OpenID was challenging the argument that it could not be widely adopted. He said yes AND it was only available on a very small number of sites.
Questions about the ‘right to delete’ were raised by Lawrence Lessig. Apparently in Germany there are laws about publishing information about past criminal offenses of long ago. How these translate online is a good question.
Both during his talk and in the question and answer period he talked a lot about the potential for optical recognition to track us around in physical space. It was conflated with tracking us around the internet. These are two very different systemic processes that have some similarities but a lot of differences. They were conflated in his articulation of the subject.
Improving EULA’s was touched upon but no mention of Identity Rights Agreements work was mentioned – so I put if forward and invited those attending to come to the Internet Identity Workshop.
I will say it was nice to see Lauren Gelman. Last time I saw her was at Web 2.0 Expo speaking following my talk on Identity and Web 2.0 and she was very pregnant. Now she has a 4 month old.
At this point I didn’t really know what RapLeaf did – I was about to find out. I thought it was just a tool that people used to do reputation outside of e-Bay for buying and selling…not so. It got way creepier since I last had it articulated at Starbucks.
Joseph Smar drove me to the Stanford train station and he explained the RapLeaf business. Basically they go around the internet and collect information about people that is keyed to their e-mail address. They aggregate this information and then they know about you. They then sell this information to sites who want to know about their user base.
His system is Opt-Out. I am in it twice(Rapleaf score 5 and 4 respectively). This is how they claim to help you keep your privacy.
You know as a user I am forced to give ‘real’ e-mail addresses to get accounts on services. Two of the services listed in my profile I don’t use at all (Tribe and Hi5). I don’t even remember signing into Hi5. I know my social graph in Tribe, Flickr, LinkedIn and Facebook are different and not directly transferable between them. I don’t want to be connected to ‘everyone’ in all contexts.
Surfing around to learn more about them and the reaction in the blogosphere I found some interesting things.
Download squad:
When you hover over a Rapleaf attribute with the mouse pointer, Rapleaf will now show you where it got the information that makes up an element in your Rapleaf rating–whether it was gleaned from a social networking site such as MySpace or provided by a peer who claims to know you. Yeah, all these factors contribute to Rapleaf’s estimation of your reputation, and now you can tell where the info actually came from. Useful… especially if Rapleaf got some detail wrong about you!
There is quite a bit on this blog but just one highlightThe Bankwatch:
This smacks of blackmail to me. A while back I received an email from Rapleaf noting that someone had searched for my address. In that case I knew it was me searching myself, but why am I left feeling that they are snooping on me, despite the fact I think [?] they are trying to protect me.
Rapleaf.com, a people search engine that lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address; and Upscoop.com, a similar site to discover, en masse, which social networks to which the people in your contact list belong. To use Upscoop (proudly stating they have searched 400,000,000 profiles), you must first give the site the username and password of your e-mail account at Gmail, Hotmail, Yahoo or AOL.
By collecting these e-mail addresses, Rapleaf has already amassed a database of 50 million profiles, which might include a person’s age, birth date, physical address, alma mater, friends, favorite books and music, political affiliations, as well as how long that person has been online, which social networks he frequents, and what applications he’s downloaded.
All of this information could come in handy for Rapleaf’s third business, TrustFuse, which sells data (but not e-mail addresses) to marketers so they can better target customers, according to TrustFuse’s Web site. As of Friday afternoon, the sites of Rapleaf and Upscoop had no visible link to TrustFuse, but TrustFuse’s privacy policy mentions that the two companies are wholly owned subsidiaries of TrustFuse.
I suppose we should be happy to note that Rapleaf is not keeping track of our sexual orientation or the porn sites we visit.
They are using their information to help the political process though. (good thing I am Canadian and don’t participate in all that – not giving my e-mail address to political candidates).
From their website it articulates how you can ping their database of people to learn more about ‘your customers.’
Rapleaf’s TrustFuse product is an automated way of querying the Rapleaf system. Using Rapleaf or UpScoop is free and easy to use for consumers. If you are business, you can use Rapleaf’s TrustFuse system to learn about and serve millions of customers.
Work with Rapleaf by either:
1. Use our APIs to query your data real-time.
2. Upload the data in batch
Rapleaf’s TrustFuse product searches for information on your customers so you can provide them an enhanced user experience. You can use the API for up to 4,000 queries/day at no charge. After that, we charge a nominal amount per look-up.
So seems like campaigns are using TrustFuse from RapLeaf to figure out more about the voters that have signed up to get more information/participate in campaigns. I wonder exactly what they are finding out via the API’s.
Sigh.
His service is even more creepier then I imagined. It explains why he thinks that Opt-Out is the way to deal with these issues. Auren did say that if he couldn’t make it he would send someone to IIW in December. Hopefully we can have some fruitful face to face conversation.
Why Identity Commons is SOOOO important
This post by Phil who is pointing to Jim Harpers outing of RealID scheming by vendors who want to sell States their tools.
Bringing Your Public Onboard For Smoother Legislature Changes
… [E]very State DMV needs to find a way to educate their public so that they can ensure the legislature changes necessary to become Real ID compliant. So how exactly can you do this? This session will examine how you can change your public’s perception as quickly and as cost effectively as possible.
Listen to your people: Examining the direct impact on your public so that you understand the perception you are trying to change
Know which marketing methods will be most effective at reaching your public
Examine how much of your budget a public relations exercise is worth: Measuring cost against outcome
Highlights WHY we need user-centric and community centric identity to get clear about its message and to begin the real conversation about the implication NOT doing identity with these frameworks has.
This re-inspires my commitment to help catalyze with all of you the conversations and work that are happening and need to happen.
Business 2.0 gets OpenID wrong
I read this in hard copy on the way to the plane just before heading home from BlogHer. I just about fell off my chair…
Tractis, its creators say, is no less than a comprehensive legal system for the Internet nation. “The biggest problem with online contracts now is enforcement,” says David Blanco, the Madrid-based CEO of Negonation. “If you reach an agreement with another person and something goes wrong, how do you enforce the contract and in which jurisdiction? How do you know the true identity of someone calling himself snake69@hotmail.com?”
To solve that kind of problem, Tractis will offer a comprehensive range of trust and verification systems – and take advantage of controversial national ID cards. There are already 600,000 of the cards issued in Spain; similar ones are compulsory in Belgium, Germany, and Portugal. The United Kingdom is set to roll them out in 2010. Insert your ID card into a smartcard reader and Tractis will instantly verify it with your country’s database.
That doesn’t mean citizens of countries without national ID cards, like the United States, are left out. Tractis can also authenticate online identity via OpenID, a security standard now supported by Microsoft Vista, Firefox, and AOL. The final agreement can carry a digital certificate that in most countries, including the United States, has the same legal weight as a handwritten signature.
I wonder how they got it so wrong? Was it Tractis that said these things and the reporter didn’t bother checking the facts? or we is it us…the OpenID community not communicating clearly enough?
I mean OpenID is great It does do ‘authentication‘ in the technical sense. It is not a replacement for National ID card, it is not a ‘security standard’, It does not do validation (checking that you are linked to a ‘real’ identity that is yours) or enrollment (getting you signed into a system).
Maybe Negonation (the company behind Tractis) has plans to have a validated OpenID service? Hopefully they are going to come to DIDW and IIW.
They certainly have ambitious aims in creating trust on the web..
Negonation is commited to create secure and trustworthy electronic commerce, above the legislative islands. We’re aware that the words “secure” and “trustworthy” are difficult to define, more a subjective sensation than a concrete objective. The solution does not rely on using a standard, technology, hardware process or concrete legislation. It is a combination of many things, with no magic formula. A user will feel secure using Tractis or not. They will trust the service or not. We believe that the formation and support of this forum is a step in the right direction.
They Quote Richard Stallman on the top of their blog…
For businesses to have special political influence means that democracy is ill. The purpose of democracy is to make sure that wealthy people cannot have influence proportional to their wealth. And if they do have more influence than you or I, that means democracy is failing. The laws that they obtain in this way have no moral authority, but they have the capability of doing harm.
Maybe they are going to be using Open Source software so we can trust their system?
Highlights from BlogHer
Ok. I will give you the IDENTITY highlights first…
I lead a session on OpenID at the unconference on sunday and the two of the four guys who were at the unconference came to the session (none of the women did). They wanted me to explain what it was because they had heard the ‘buzz’ about it and wondered.
I did get to explain OpenID to a feminist activist and photographer Laurie Toby Edison who was active in the 60’s she understood it. This was a good feeling. After years of explaining the idea (at first in theory and now in reality) of Identity on the web – I know I can explain it to just about anyone who has some computer/web literacy (it helped that she had been active blogger for over 2 years). I think this is our major challenge…expanding who is using it. I think there is a huge opportunity to get the women bloggers using OpenID – hopefully there will be some services that cater specifically to that audience.
I found a search engine that lets you link up you on the web – called Lijit. Basically you tell it your LinkedIn, Flickr, Twitter, Flickr, Blog addresses and…it can then search across them…it makes YOU and your content a resource. I said to Tara their evangelist “so it is like ClaimID but with Search” but she didn’t know about ClaimID. I am inviting her to DIDW so hopefully we can all get the scoop on Lijit. I have been thinking about the ‘non-google’ search engine space and what is out there that is better then google.
I ran into Hakia again. They are a semantic search company (this is going to be ‘the year of sematic search I think… (or as we sometimes like to joke there are 3 years in one year ‘internet time’) [reminder to self…blog about visit to the Sematic Technology conference this spring] I have not used their search engine yet – there does seem to be a fair number of ‘non-google’ search choices that look interesting…I hope they get together and collectively let us know more about other ways to access info on the web because I am getting board of google in a way. I am smarter now…it is like google is the typewriter and I want a wordprocesser.
The Experience Project – this is a place where you can go and tell your story…and they will connect you with a community of folks who have similar stories… these may be stories that are really personal and you have not shared with anyone. They keep you anonymous/psdonomoys – I asked if it was like Post Secret Interactive and they said – yeah kinda. I think the freedom that we have to be on the net and the ability to find community around issues and episodes in our past that we feel social shame and embarasment is a very good thing. I really want us to protect the freedom to be on the web without suvelance and tracking because it is a good thing.
Regular Highlights:
I had a good time at BlogHer this year. Last year was challenging…emotional regression to highschool times….the ‘popular’ girls all prancing around in their really fancy outfits…wearing makeup and fancy shoes…hanging in little cliques. The ‘unnofficial theme’ last year turned out to be “Revenge of the Mommy Bloggers” We had Baby bibs in our swag bags along with Condoms (the male kind but designed for “her pleasure.” (It turns out I did get a condom this year but it was the ‘business card’ for a blog called Motherhood uncencored.)
This year the ‘unofficial theme’ turned out to be a much more inoquous and fun one…”Crafters Take Over” and there was peace between “mommies and non-mommies.”
I went mainly because I helped them run the unconference on Sunday after the ‘official’ conference ended. Many who attended thought it was the best day of the conference.
After the unconference I had dinner with Jessee Engle who is launching a really cool service called Design My Room that does for design what open source does for software – they have top designers do rooms…and you can lift the looks and THEN design your own room – making tweeks and changes.
With the election coming up and women particularly ‘single women’ being seen as a powerful voting blog this was no surprise. I met Gina Cooper the ED of Yearly Kos, Dana Singiser Director of Women’s Outreach for the Hilary Campaign and Ramona Oliver Communications Director for Emily’s list. Granded none of these conversations was a very long but I am hoping that I can at least raise the possibility of OpenID adoption amongst campaign sites.
I met some new women Tech Friends that were really fun Gwen who just moved back from Japan and Tara who is the new evangelist for Ligit.
The Identity Files: Biometric DB of Iraqis and Afghans
From the Stars and Stripes.
Biometric database helps U.S. track Iraqis, Afghans
Commentary by me below the article quotes
Many details of the database are classified, but according to Joint Multinational Readiness Center strategic planner Arnie Geisler, who helps train U.S. troops in Germany, it is being compiled by soldiers using equipment that scans an individual’s retina and fingerprints and takes a digital photograph of his or her face.
The equipment takes four measurements of each face and converts them into a biometric algorithm, which is stored in the database along with the retina scan, fingerprints and the person’s name and address, he said.
“It will show you if there is a match for someone who is wanted in the system,” Geisler said.
Vandal said soldiers add people to the database when they pass through entry control points, when they are detained or if they work on a coalition facility. Inputting the data and confirming it takes two to five minutes depending on the proficiency of the soldier using the equipment, he said.
The number of Iraqi and Afghan individuals in the database is classified, he added.
Geisler said biometrics are the cutting edge of military training.
“I don’t think a lot of nations are using biometric scenarios in training. We do individual biometric training here because it is so new. They are training soldiers on the latest biometric technology almost as soon as it comes out and it is available to the units,” he said.
JMRC’s biometric training was showcased to coalition partners from Europe, Canada and Australia at a conference in Hohenfels last week. The goal of the conference was for combat training centers from the various nations to compare best practice for training troops in the war on terrorism, Geisler said
When I read this what runs through my head is all about practicing on them so they can figure out how to do it ‘well’ and then impose it on us in the name of protecting us from terrorism. Let me put the dots together this week we found out that the FBI was using datamining ‘for more then just tracking terrorism.’ What we don’t know is how far the use of these tools go now and how far it will go in the future. Oh and I just got my first “CLEAR” card application while going through San Jose airport. I get to pay them $99 fill out the form – “take your photo and ‘capture’ your biometrics [fingerprint and Iris scan] along with two forms of government identifiecation, one of which must establish that you are a US citizen or permanent foreign resident. A US passport is strongly preferred.” Then your application will be submitted to TSA for a ‘security assessment.’ Once you have been approved for the program we will mail you a Clear card.
So this network is just starting to be built for all of us here in this free land of the United States.
Oh Yeah. As secrutity minded folks have pointed out it doesn’t make our airports more secure – it makes them less secure by giving a low security line – the one that would be terrorists are going to try and penetrate the airport by.
Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.
And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.
The truth is that whenever you create two paths through security — a high-security path and a low-security path — you have to assume that the bad guys will find a way to exploit the low-security path. It may be counterintuitive, but we are all safer if the people chosen for more thorough screening are truly random and not based on an error-filled database or a cursory background check.
These systems and networks can be used to track us for ALL kinds of reasons including really BAD ones just as the Nazi’s did in Germany to track down the people they wanted to exterminate. This may sound ‘extreme’ to worry about this – our government would never do ‘that’ but there are conversations about how to deal with illegal immigrants that include mass deportation. This year the Lucifer Effect: Understanding How Good People Turn Evil. It highlights and important point – it is not that some how…there are a few evil people – it is that all people can turn evil because of the nature of human nature. With these Digital tools and systems about people the capacity to do harm increases. It worries me to have biometric databases of all of us in government hands. It worries me that all this information can be correlated across all my activities relating to government. It worries me it could be correlated to private sector databases about me. I think we have A LOT of work to address the social implications of the tools and systems proposed.
The Identity Files: A P0rn StAr stole my Name
This story is interesting for a few reasons. It raises the question about plain old names. I think this is going to become more and more of an issue with google ranks and potentially other social networks mattering so much. More commentary on a tangent below.
A Porn Star Stole My Name:Texas woman claims old teen pal hijacked her moniker for stage name
JULY 3–Lara Madden is a 25-year-old porn movie actress who uses the stage name Syvette Wimberly when starring in films like “Anal Camera 19.” While Madden’s professional alias is catchy and distinctive, the name is identical to that of a former Texas high school pal of the X-rated performer. As a result, Kristen Syvette Wimberly, 25, has filed a lawsuit against Madden and the porn distributor Vivid Entertainment for the misappropriation of her name. In a June 26 complaint filed in Harris County District Court, Wimberly notes that she and Madden became friends after meeting at the beginning of ninth grade in Kingwood, Texas. That friendship, however, “ended due to conflict,” according to the lawsuit, a copy of which you’ll find below. The complaint adds that Madden (who is pictured at right) married while in high school and did not graduate with Wimberly, who lost contact with her former friend. Until recently, that is, when Wimberly discovered that, “there was a woman appearing in multiple explicit pornographic videos” using her name. Wimberly soon learned, the lawsuit reports, that the porn actress who boosted her name “was her former high school friend Lara Madden.” The porn star, Wimberly alleges, deliberately chose to use her name, despite realizing that it would cause “extreme embarrassment and unsubstantiated association with the pornography industry and other consequences.” Wimberly claims that Madden’s actions have caused her emotional distress and mental anguish, for which she is seeking monetary damages. Wimberly also wants a permanent injunction barring Madden and Vivid from continuing the use of her name. In a TSG interview, Madden acknowledged appropriating Wimberly’s name because she thought it was “really cool.” Madden, who said that her first name is actually Laura, denied ever being friends with Wimberly and said that she did not marry in high school. She added that her porn career ended in 2005 after she appeared in 13 films. (6 pages)
What if someone where to pretend to be ‘me’ in a social network and accumulate ‘my’ friends. I am sure this is happening somewhere to some people. The thing is that it becomes obvious you are not actually connected to the real person when you send the ‘fake person’ a virtual good. Then you run into them at a physical event and ask them about getting it. Well if they didn’t get the item you know you are not actually connected to them. I never link to people I don’t know in social networks (I have about 15 “friend requests” in facebook that are from this category of people). It is as some geeks in my network have talked about – what your PGP signing policy matterrs – is is based on knowing the person over time or just because you saw their easily faked ‘government documents’ and have no idea who they are because you have never interacted with them. These sorts of social norms.
Identity and Face Book
I have been in facebook a while. Jordan Moncharmont who works at Facebook and is a student at Stanford invited me into the network after Ruby on Rails Camp. I just didn’t get it at all. What was the difference between a note, a message a wall message a poke? It just seemed silly to me but I knew it was all socially contextual and relevant to the kids using it. I ‘felt old’ because I didn’t understand the tools (now I know how ‘normal people feel’ I thought when I show them all my tools).
So a month ago at CFP (Computers Freedom and Privacy). I took the opportunity to meet up with some of the women that I was on the Canadian National Waterpolo Team with.
They were both on facebook – wow I thought this is going mainstream. Apparently the Ontario Government had to block access to Facebook for employees it was going that mainstream.
So two weeks ago I started getting all sorts of friend request from folks in the tech community. So I dove in. Shortly there after my best friend from Grade 4 and 5 found me. ‘Hey did you used to be Kaliya Young?’ she asked – “yes” (I changed my name on the system to my current full legal name Kaliya Young Hamlin so that all my friends from my life in school know it is me). I also wondered if my sister would have a profile…SHE DID! Something is really going on with this platform.
I invited lots of folks in my google address book cause I could easily. This included Dennis Hamilton.
Today, I received a Facebook friend invitation from Kaliya Hamlin, Identity Woman. Oh oh, this is getting serious. I’m honored and touched that Kaliya would invite me. I figure it is time to pay attention and see how Facebook might fit into our mutual interest in identity topics.
Well as a matter of fact it does.
There is the OpenID group
the Digital Identity Group and
the Identity Gang of Identity Commons.
So far I like most things about it. I like presence updates from people. It gives me a sense of what people are upto, thinking about etc. this is the same reason people like twitter (I am not on twitter cause 1) my phone doesn’t do outgoing txt. 2) I can’t figure out how to get it to work with my IM Client)
I like that they opened up to other developers. Many people are building interesting applications. I don’t like that only 6 of them can show in my side toolbar without me clicking on the ‘more’ button.
I enjoy sending messages because it makes the whole conversation with you and the other person threaded.
Dennis has some concerns. (however he just posted a presence message this morning so I know he is using it daily still).
It is a Silo. – sure but people can build all sorts of stuff on it.
What will be interesting to see is how groups move about cyberspace – none of us is loyal to any of these platforms more then gamers are loyal to ‘a game’ they are loyal to the social groups that they play with. Raph Koster pointed this out at Supernova. We are loyal to the groups we do work with and socialize.
My what if is – What to do about those people who asked to be your friends who you don’t want to be friends with? Or that you don’t know at all? I am not sure. They get stuck in friend request purgatory? This could use some improvement.
danah boyd has written an essay about class divisions emerging between different social networks and the use by young people.
The goodie two shoes, jocks, athletes, or other “good” kids are now going to Facebook. These kids tend to come from families who emphasize education and going to college. They are part of what we’d call hegemonic society. They are primarily white, but not exclusively. They are in honors classes, looking forward to the prom, and live in a world dictated by after school activities.
MySpace is still home for Latino/Hispanic teens, immigrant teens, “burnouts,” “alternative kids,” “art fags,” punks, emos, goths, gangstas, queer kids, and other kids who didn’t play into the dominant high school popularity paradigm. These are kids whose parents didn’t go to college, who are expected to get a job when they finish high school. Teens who are really into music or in a band are on MySpace. MySpace has most of the kids who are socially ostracized at school because they are geeks, freaks, or queers.
Class divisions in military use
A month ago, the military banned MySpace but not Facebook. This was a very interesting move because there’s a division, even in the military. Soldiers are on MySpace; officers are on Facebook. Facebook is extremely popular in the military, but it’s not the SNS of choice for 18-year old soldiers, a group that is primarily from poorer, less educated communities. They are using MySpace. The officers, many of whom have already received college training, are using Facebook. The military ban appears to replicate the class divisions that exist throughout the military. I can’t help but wonder if the reason for this goes beyond the purported concerns that those in the military are leaking information or spending too much time online or soaking up too much bandwidth with their MySpace usage.
The whole essay is very good. She writes at the end about her worries for teenagers today.
Where is Identity: Supernova 2007 Panel: Do you know where your Identity is?
Here are the slides for my introduction for the Identity Panel at Supernova. The reason explained OpenID was to level set for the audience what was happening in the market today that was obvious. I also contextualized it within a whole community of collaborative work – so much activity not enough time on an introduction to the basics to dive into. If you want to see the whole panel on BlogTV here it is.
I also have a longer talk that I gave at Web 2.0 that goes into more detail about some of the social issues and where the technology is. This a PDF of the text of my talk..
Further Resources on the Final Slide.
Identity Commons wiki.idcommons.net
Laws of Identity identityblog.com
OpenID openid.net
Pamela Project pamelaproject.com
OSIS osis.netmesh.org
Higgins Project eclipse.org/higgins
Bandit Project bandit-project.org
Liberty Alliance projectliberty.org
Concordia Project projectconcordia.org
Internet Identity Workshop
#5 Dec 3 – 5, 2007
#6 May 12-15, 2008
Online Community Unconference: Identity Session
Besides facilitating at the Online Community Unconference last week I also lead a session about. OpenID and the potential for persistent Identity. I asked the audience what they wanted to know about – 1/2 had heard of OpenID and wanted to explore what it would mean to adopt it. Another 1/2 wanted the basics of how it worked – so we started with that on the whiteboard.
I began talking about identifier options – second or third level domains for URL’s and top level or second level domains for i-names (XRI). We talked about how in each case there is one you pay for and one you don’t but then are beholden to the site you get your delegated name from. Then I introduced the Relying Party where the user presents their identifier to login. The RP has the code to figure out where to redirect the user to their OpenID Provider or host….the user is prompted to authenticate and if successful redirected back to the RP. We did not get into the phishing hole really at all. Once this was clear we moved into a circle and talked about more of the issues involved. Thomas Kriese from the Omidyar Network continued the next session about how community managers should share reputation.
There was also a session about Keeping the Party Rolling that had a lot of resonance with creating good face-to-face meetings but also has something to do with why user-centric Identity is cool. It keeps things moving smoothly on the web.
Identity and Crowdsourcing Interview on Assignment Zero
I was interviewed for the new Wired effort to crowd source articles called Assignment Zero. Appropriately enough the first article is about Crowd Sourcing. This whole new modle of writing is one of the reasons that Bruce Sterling stopped writing for the magazine.
In my Interview “Your Online Identity Defines Your Role in the Crowd: Identity Woman builds networks of trust, face-to-face and through Internet Identity”
This was a fun interview – at first I thought it would just be about unconferences but as we got to talking it became clear that Identity had a role to play in improving the potential of crowd sourcing. I am not a big believer in the power of ‘random groups of people’ solving complex problems. I think persistence of identity over time and context that allows the development of a transaction history or record could really be interesting because it is an architecture that can support the emergence of trust.
I own MY Identity
I gave myself the name Identity Woman for a very particular reason. At the time I began blogging I had spent an entire year working full time in identity and had basically been the only woman at every one of the many meetings I had attended on the subject. At the time there was one other woman I knew of working in the field and she was on the other coast and was not blogging.
I have worked very very hard for the last three years pretty much full time to grow the community around user-centric identity along with my personal brand “Identity Woman.” I have never claimed to ‘own this space.’ I have a reputation within it because I work well with many many people from a diverse points of view and bring them together. I am the identity woman archetypically in many ways because I have catalyzed and brought the community together (along with the help of many others). This bringing together is a very feminine role that has created “fertile ground” for lots of great developments in the field.
It is much more then an ‘awareness building pseudonym’. Identity Woman â„ is my professional Identity. My blog is my professional presence. I am not ‘a title’ at ‘a company’ like almost everyone else in this field. When I was quoted two weeks ago in the in Wired Online and the NYTimes they referred to me as the Identity Woman. When I speak at conferences like O’Reilly’s and Supernova I am listed in the program as Identity Woman.
Identity Woman â„ is my brand and my Identity and I own it.
Identity Faire? just come to IIW
David Kerns proposes an “Identity Faire”
Now, I do agree that we need more conferences of this type. We do have them in North America – things like Courion’s Converge, the Internet Identity Workshops and NetPro’s Directory Experts Conference come to mind
He forgets two more conferences DIDW and Burton Group Catalyst has a significant Identity component and Gartner had and Identity and Access Management Summit.
This idea was inspired by this comment by Symlabs’ Chief Architect Felix Gaehtgens.
He recently dropped me a note to tell me about a European Identity conference he’d attended, and what he found unique about it. In his own words:
“Last week, I was at the 1st European Identity Conference in Munich. This conference is organized by Kuppinger + Cole, a German Identity Analyst group. We know that a lot of new ID Conferences are springing up, since ID management is a hot topic, and many organizers are trying to cash in on numerous conferences out there. However, this conference had something truly unique.
“So what made this conference stand out? First of all, the scope of the presentations. This was something completely new that I haven’t seen before. Most conferences pitch (exclusively, unfortunately) to the CxOs, management and decision makers, and are therefore kept to the high level. This conference also addressed those needs with overviews, workshops and user/case study presentations. HOWEVER, and this is what I liked about it, this was the first conference (in my opinion) that had a broader scope by also addressing the needs of those techies and geeks that roam these types of conferences.
“There were several presentations and workshops that were very technical and ‘hands-on’, going into the real guts of the technology and implementations. I’ve been to a presentation where a person from a German bank talked about how to integrate Kerberos between Unix and Windows. That presentation was fantastic, and very lively. You could feel the electricity in the air with all those geeks like me talking technology. Then there was a real ‘how-to’ workshop on how to boot-strap the Liberty ID-WSF (Web Services Foundation) using two different implementations using a practical example and showing how everything fits together.”
Many of the Identity Gang / Commons folks I spoke to about the conference said it was really just the same conference they keep going to. Talking heads on the range of identity topics. I would put forward that more conferences with talking heads are not needed but an expansion of conferences with cross cutting themes and industry players that come to the Internet Identity Workshop who – do work together.
[The current conferences are] generally organized around a particular vendor, product or technology rather than as part of a conference covering a broad spectrum of identity. Maybe what we really need is an identity fair (or “identitie faire”) with PowerPoint presentations for those who need them and hands-on labs for those who don’t. Something for everyone, under the big top. Not just a “dog-and-pony” show, but a real three ring circus. Who’ll step up and organize this?
Eugene Kim , Phil and I have been thinking about IIW and how to make improvements for next time. We welcome community input on how to make it better – so write us.
I am very clear that we need to systemically as a community have and execute a strategy to reach out to other pockets of folks explicitly doing “identity” work AND to our neighboring fields like Semantic Technology and get them involved in IIW. I think it was good that the ITU folks joined us at IIW this time. There was a call from the floor for more Lawyers next time. I would love to see some proactive outreach to those technical/professional identity communities who you see should be involved in a ‘faire’ being explicitly invited to IIW.
The IIW2007a Spoken Word: CommunityIdentityAuthenticity
CommunityIdentityAuthenticity
This community…has its challenges.
Harnessing its own enthusiasm and energy to affect real change
It’s a challenge…
Moving together
despite differences in the details
Getting the populace to understand
what we can barely understand and
communicate
between ourselves
It’s a challenge…
Communicating the understanding and importance of internet identity
to the average member
of society
It’s a challenge…
Trust
Divergence versus Convergence
Policy evaluation privacy evaluation
I just feel like shouting out …
My life
My terms:
Choice, Privacy and Control !
Like shouting…
One hundred and eighty passwords — and counting — is too many !!
Shouting
Where’s the money?!
We need to get out of the technology ivory tower!
Shouting
V R M!
I feel like shouting
We are all painting variations on the same picture!
— and it is hard
to see
what the image is.
And then I think, if I were the user, I would say
Don’t rock the boat!
I would say
Keep it simple and make it just…work.
Keep it simple !!!
Why can’t you make this easier for me?
I would say…
What is actually happening here?
Here is what I wish for the future:
I wish it would .. “just work” … for users.
Here’s what I hope for:
Something my dad can use and not get phished.
Here is my dream:
That we get how to engage in real-value, consensual transactions
Here is my dream:
Breaking down power structures
safe and powerful for everyone
in all contexts
Becoming invisible
and indispensable
Authenticity.
— by Mark Aiken, Kevin Turner, Brad Fitzpatrick, Eddie Codel, Peter Davis, Ajay Madhok, Mike Jones, Johannes Ernst, Joe Andrieu, Mark Lentczner, David Recordon, Henrik Biering, Drummond, Reed, V. Gale, Gerald Beuchett, heathervescent, Weston Triemstra, Martin Atkins, Steve Williams, Paul Bryan and Lisa Heft
This spoken word piece was the closing for the
Internet Identity Workshop
May 15, 2007 — Mountain View, California, USA, Earth
More identity management next week.
So if you are coming to town for IIW next week you should know that the ITU is going to be having its IdM Focus Group meeting on the 17th and 18th in Mountain View. If you want to attend you need to fill out this form.
Transgender issues with Privacy and Identity at CFP
Mara Keisling the Executive Director of the National Center for Transgender Equity presented about the privacy and identity issues faced by Transgender people.
Identification Documentation
What is important for that about transpeople? – It is mportant what it says and also what it refers to. For example my passport says – ‘this passport says that this was changed for male to female’
Why does this matter because the revelation of one’s transgenderness is a risk – that we know of in the US one transgender person per month is murdered. Violence is a issue.
There are economic consequences to be outed at work or as part of a job interview and fired or not given job in the first place. In San Francisco – over 50% were unemployed or had fragile employment.
The REAL ID ACT is a problem.
It has not been implemented yet but what is very obvious consistent ID documentation is hard to get – for low income people, transgender, homeless people, immigrants. It will make it increasingly difficult.
The data is interconnected across ALL law enforcement.
It mandates certain things be on the front it.
Gender is required.
The fact of name change required – obvious that they changed name from say Mark to Mara.
Will Fact of gender change will be required? It likely will be in database. Along with surgical records – will end up in database. This means it outs transgender people every time interact with law enforcement.
It also means any time one’s ID is checked electronically to get into a bar for a drink it will out people. This is not a big deal in a big city is it s BIG deal in small towns.
Travel
It is difficult. I have friends who say “‘you travel’ – you are willing to fly?”
The TSA currently has no policy specific to transgender people and their frisking at airports.
They do have policy regarding how they are to interact with ‘helper monkeys’ (seeing eye dogs etc.) TSO’s are not aloud to touch your helper monkey’s.
At the very least they would like guidelines for searching.
It is difficult to get a passport. They almost always require you to present proof of gender change with the presentation of surgical records. However almost none have genital surgery – they estimate only 5% the reason is that there are many contra indications (HIV status, age, pulminary issues) and it is very expensive.
There is no security interest in labeling as me as a male. They are going to have a hard time finding me…(she presents as female).
It is a privacy violation to have ‘surgery letter.’
Scatterback x-ray machines “strip” naked and covers gender. This security measure is creepy for everyone – creepy and dangerous for transgender people.
Employment Verification
Mapping all these databases – to monitor so the SSN administration sends ‘no match’ letters – new employee…is this person eligable to work. This is supposed to just be for name or social security number. However there s an Optional data-field in this database and they can end up with ‘non-match’ letters because of gender basically – “you think lily is a woman – we think Lily is man”
An example she gave was heart breaking. A man was working at as a Steelworker for 20 years. The company he worked for ran all its people through the process you do with SSN administration and his supervisor came out in front of the crew that he worked with on a daily basis and said “Social Security says your a woman.”
He quit his job and wondered if he was going to have to find a new job every quarter because of this.
Employers with a large number of employees can do this via computer but small employers who do this via the phone – the operators are taught to ask for gender to enhance the match.
Health Privacy
Transgender people are turned away from hospitals all the time
A passing (not out) trasngender nursing student in florida as part of their training they were given specific information about what to do for man and women in certain situations. She asked
“What do you do with transgender people? are there any special considerations?” The trainer said “When I was in ER in New York we just let those people die.” You can be murdered because of your transgenderness in the health system.
Prescription records – many transgender people have histories that out them. Old data remnants matched with my old self with my new self (estrogen taking).
RFID
Freaked out about this passports because of information that will be shared. I don’t want this to flash on every screen when cross boarders.
Clothing that is worn or bought what if was from a credit card that I got got when male.
Data Permanence
Examples given.
Said in front of city council – I am a man with no penis. It was written up by the Philadelphia Inquirer – now when you google this person this is the first hit. it will be there forever.
Susan Stantant – Fired as city manager in Florida. Someone commented in the paper that now shows up in google “because she is taking estrogen no longer get erections”.
A woman was fired because court transcripts of parents custody battle from when she 10 years old. Someone else had fraudulently used her SSN and there for she was a ‘high security risk’ and denied her job.
What is Identity?
Last week at the ITU-T meeting in Geneva there were some folks making the assertion that Identity was all about one’s credentials starting first and foremost with one’s birth certificate. Clearly credentials that are abstract representations of our selves have value in our world and let us do things that we were not able to do when identity was just social. Much like the fact
Hernando DeSoto points out in the Mystery of Capital that abstract representations of ownership of things (like deeds of ownership of houses – that say you own your house) has value because now you can do new things you couldn’t do before when ownership was just social (my neighbors know I own my house because I do – no piece of paper says this).
I think loosing the understanding that Identity is first and foremost a social construction would be disastrous. We had a great conversation last week in Brussels with Doc and JP in the ‘because of effect’ I will work on writing up my notes from that while at CFP today.
I am staying at a friend’s house in Montreal and picked up Oppenhimer: The Tragic Intellect on the coffee table. In the Preface the author says this:
The recent biographies all, in different ways, place Oppenheimer’s life in the context of the transformation of science and American society and politics during the Cold War. My aim in this book has been to provide a biography that draws together individual character structure and social structure, looking at the social processes and collective work through which the individual identity is constituted. It is sociological biography, which looks at the collaborative and interactional shaping of the individual in the web of relationships. In that sense, it aims to break down the division between individual and context, treating both in terms of social processes. This is a difficult task. Sociologist Norbert Elias has written, ” Whenever one looks, one comes across the same antinomics: we have a certain traditional idea of what we mean when we say ‘society.’ But these two ideas, the consciousness we have of ourselves as society on the one hand and as individuals on the other, never entirely coalesce…What we lack, let us be clear about it, are conceptual models and, beyond them, a total vision with the aid of which our ideas of human beings as individuals and as societies can be better harmonized.” This study attempts to use the narrative form of a sociologically conceptualized biography to weave together the threads of the “individual” and the “social.”
I continued reading it last night as I went to sleep and found another paragraph I will post tomorrow.
Identity Web 2.0 Expo Talk
Giving my talk at Web 2.0 was an interesting for a few reasons.
Firstly I tried to really step out and talk about what is next for identity and where the problem issues are looking forward assuming people knew about the past. I How to think about what we do in terms of people and community? How do we things with Identity for people in groups not just about ‘them’ in this user-centric but isolated. To articulate this I wrote what I hope is the heart of a great article that gets at where we are now with the identity layer, where we could go. This is the first two pages of the PDF. (yes doc it is a PDF and I will work on an HTML version).
Secondly, the audience was not who I expected. I thought this was the regular ‘tech crowd’ I meet often. Instead it was people coming from big companies trying to figure out this web 2.0 stuff and people buidling things who travelled a long way to be here. Not really who I typically think of in the O’Reilly scene. So for all of you who wanted ‘the download’ about all the identity ‘bits’ the basics of all that on the third and forth pages of this PDF.
I learned from this experience and I have had two opportunities to really be on stage at O’Reilly events in the past two months and I learned quite a bit from both of them.
Looking forward I am going to be working on some core content to speak with ‘completely’ normal and somewhat technically literate people about identity. I am also going to be practicing these talks more regularly.
I also have thoughts about what is next in terms of the problems that the identity community needs to address and can address moving forward. This is where the opportunity lies if you are an enterpriser, venture person or coder. These opportunities and issues are deeper then code and money stepping into the heart of what it means to be human in the networked world. What we do now on the web in relationship to this REALLY MATTERS.
How do you validate who you are?
This story was just posted on Slashdot and raises interesting questions about how we determine how we determine who someone is in relationship to digital content.
“A fifteen year old from Perth, Australia, posed as an employee of the Australian Broadcasting Commission, demanding that YouTube remove hundreds of video clips of ‘The Chasers War on Everything.’ The amusing part is that The Chaser is a comedy company well known to perpetrate exactly this sort of prank.”
Looking at Identity
Andre has a great post that frames the identity zeitgeist.
Ancient History
- PKI
- Firewalls
- My stack vs. your stack
- Mooooaaannn
Mould
- Strong Authentication
- Federation & SSO
- blah, blah, blah
Old
- User-centric
- Attribute Sharing
- OpenID phishing
- yak, yak, yak
Bold
- Delegation
- Smart clients
- Protocol convergence
- Identity meets payments
- Just do it!
He has been in the business for 6 years. I thought my 3 years was a long time. The irony of it Mould and Old subjects is that it is still way early for all of those things beyond our circle – I had a conversation with a VC this past week and he said ‘I know there is something going on here – but it is still way to early.’ I hope that with the USA Today article that changes.