
Exploring the science and magic of Identity and Access Management
Tuesday, December 23, 2025

Tim Berners-Lee: Open Standards and Net Neutrality

General
Author: Mark Dixon
Monday, November 22, 2010
6:51 pm

In his provocative Scientific American article entitled, “Long Live the Web: A Call for Continued Open Standards and Neutrality,” Tim Berners-Lee concludes, “The Web is critical not merely to the digital revolution but to our continued prosperity—and even our liberty. Like democracy itself, it needs defending.”

I don’t agree with all Tim says in the article, but enjoyed reading the article and considering what he had to say.

Some of my favorite excerpts:

The Web as we know it, however, is being threatened in different ways. Some of its most successful inhabitants have begun to chip away at its principles. Large social-networking sites are walling off information posted by their users from the rest of the Web. Wireless Internet providers are being tempted to slow traffic to sites with which they have not made deals. Governments—totalitarian and democratic alike—are monitoring people’s online habits, endangering important human rights.

It was the subject of “threat” that caught my eye first. I know that government regulation is a threat, but how does Facebook threaten the Web?

Social-networking sites present a different kind of problem. Facebook, LinkedIn, Friendster and others typically provide value by capturing information as you enter it: your birthday, your e-mail address, your likes, and links indicating who is friends with whom and who is in which photograph. The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site. Each site is a silo, walled off from the others. Yes, your site’s pages are on the Web, but your data are not. You can access a Web page about a list of people you have created in one site, but you cannot send that list, or items from it, to another site.

So what?  Why is that a problem?

Because the Web is yours. It is a public resource on which you, your business, your community and your government depend. The Web is also vital to democracy, a communications channel that makes possible a continuous worldwide conversation. The Web is now more critical to free speech than any other medium. It brings principles established in the U.S. Constitution, the British Magna Carta and other important documents into the network age: freedom from being snooped on, filtered, censored and disconnected.

I like the focus on personal freedom.  I do believe that governments have difficulty oppressing their citizens if the right to communicate openly is assured – a philosophy the Web supports – if it remains an open, easily accessible medium of information interchange.

Speaking of open-ness and closed-ness:

Open standards also foster serendipitous creation: someone may use them in ways no one imagined. We discover that on the Web every day.

In contrast, not using open standards creates closed worlds. Apple’s iTunes system, for example, identifies songs and videos using URIs that are open. But instead of “http:” the addresses begin with “itunes:,” which is proprietary. You can access an “itunes:” link only using Apple’s proprietary iTunes program. You can’t make a link to any information in the iTunes world—a song or information about a band. You can’t send that link to someone else to see. You are no longer on the Web. The iTunes world is centralized and walled off. You are trapped in a single store, rather than being on the open marketplace. For all the store’s wonderful features, its evolution is limited to what one company thinks up.

So what about net neutrality?

A neutral communications medium is the basis of a fair, competitive market economy, of democracy, and of science. Debate has risen again in the past year about whether government legislation is needed to protect net neutrality. It is. Although the Internet and Web generally thrive on lack of regulation, some basic values have to be legally preserved.

This is an area where I may differ a bit with Tim.  It seems to me that we could have an Internet with different classes of service with different price tags, just like we have an automobile industry with different levels of luxury in the cars we buy.  It certainly is a timely topic and Tim’s comments are definitely worth reading.

One area where my thoughts converge closely with Tim’s is governments’ violation of due process of law …

Totalitarian governments aren’t the only ones violating the network rights of their citizens. …

In these cases, no due process of law protects people before they are disconnected or their sites are blocked. Given the many ways the Web is crucial to our lives and our work, disconnection is a form of deprivation of liberty. Looking back to the Magna Carta, we should perhaps now affirm: “No person or organization shall be deprived of the ability to connect to others without due process of law and the presumption of innocence.”

All in all, a great article by a giant in our industry.  Thanks, Tim, for taking the time to write it.

About the Author:

Tim Berners-Lee invented the World Wide Web. Today he is director of the international World Wide Web Consortium, based in the U.S. at the Massachusetts Institute of Technology. He is also a professor of engineering at M.I.T. and a professor of electronics and computer science at the University of Southampton in England.

 

Taliban Virus

Humor
Author: Mark Dixon
Monday, November 22, 2010
6:10 pm

I received the following email today, ostensibly from a “Miss Helen:”

DEAR RECEIVER,

You have just received a Taliban virus. Since we are not so technologically advanced in Afghanistan, this is a MANUAL virus. Please delete all the files on your hard disk yourself and send this mail to everyone you know.

Thank you very much for helping us.

Thanks & Regards

Miss Helen

Well, I didn’t follow Miss Helen’s gracious instructions, but thought you’d enjoy sharing this little bit of levity anyway.

 

Will the Government Micromanage Online Privacy?

Privacy
Author: Mark Dixon
Saturday, November 20, 2010
3:20 am

I currently publish two blogs: “Discovering Identity” (this one) and “I Love Freedom.”  Usually, the information I publish on these blogs doesn’t overlap, but this subject certainly does, and is posted on both sites.

Thanks to an acquaintance, Jane Grafton, I recently read two opposing views on the subject of federal government regulations of privacy:

An LA Times article, Privacy and the Web, concluded:

Although Washington shouldn’t try to micromanage the Net, it should make clear that websites have a duty to help users manage their personal information effectively, giving them the chance to understand the tradeoffs they’re making and to choose wisely.

Phil Lieberman of Lieberman Software responded in his post, “Internet Privacy Is No Place for Government Regulations”:

Attempts by the federal government to constrain the collection of data, and the ability to tailor offers based on this data, is a case of the government meddling in areas where it has no place.  Interference with the free market serves only to punish those companies that know how to efficiently mine their data and so is the worst form of government interference with the free market.

I’m all for privacy and opt-in/opt-out options. However I feel it does little good to cripple those companies who are good at business for the purpose of expanding the nanny-state. Any decision to overreach with privacy controls will also provide a bounty for greedy and litigious attorneys looking for fresh kills on the Internet.

What do you think? 

Although the LA Times article mildly asks the federal government not to “micromanage the Net,” history has shown that government has the propensity to always micromanage everything it touches.  How’s that for a cynical view?

I believe the most effective way to deal with this issue would be for private industry to self-regulate. In much the same way that PCI DSS has become an effective industry-driven regulation of the credit card industry, perhaps we need an “Online Privacy Standard” developed and enforced by the online industry itself.

Otherwise, if such industry self-regulation doesn’t happen, given the current mood in Congress, I think federal government regulation of online privacy is a foregone conclusion (more cynicism).

 

Gartner IAM Summit: Amit Jasuja on “Bridging the IT and Business Divide with Identity Intelligence”

Identity
Author: Mark Dixon
Tuesday, November 16, 2010
6:03 am

As a holder of a lowly exhibit pass at the Gartner IAM Summit, the only conference session where I was officially welcomed was the Oracle vendor session, where Amit Jasuja, Vice President, Oracle Identity Management, addressed the subject, “Bridging the IT and Business Divide with Identity Intelligence.”

Some of the key points Amit stressed include:

  1. A major Identity and Access Management problem is having only a partial view of Identity information that doesn’t give you the complete picture.
  2. Correlating identity data can be difficult, because the data resides in multiple identity data silos.
  3. The solution is to collect, compile and correlate identity into an Identity Warehouse.
  4. Many applications can access and leverage the Identity Warehouse, including role governance, change management, IT Audit Policy Monitoring, risk assessment, configuration analysis and access certification.
  5. A business glossary, which assigns business terms to cryptic technical terms, helps an Identity Warehouse deliver real business value.
  6. The Identity Warehouse and related applications help an organization go beyond compliance and build trust in the organization.
  7. The Identity Warehouse can provide a complete view of your environment today.
  8. Oracle’s solution to tackle these issues is Oracle Identity Analytics.

I like the term “Identity Intelligence.”  Using analytical methods to extract intelligence from massive amounts of identity data is a smart thing to do.

I had a brief discussion last night with a customer who basically said, “We have the data. We just need the ability to manage it and extract the value.” 

Well said.  That’s what Amit’s talk was all about.

 

The Value of the “Real” Handshake

Identity, Social Media
Author: Mark Dixon
Tuesday, November 16, 2010
5:38 am

Several years ago, before Facebook and LinkedIn became household names, a partner and I formed a company named “Network Handshake LLC” and proceeded to develop a bit of social networking software called “ConnectArizona.com,” in an attempt to bring together like-minded individuals in the Arizona business community.  It was a really interesting project, but without adequate capital and marketing support, ConnectArizona.com and Network Handshake really never got off the ground (although I still own the domain names).

Time has shown that the concept of “shaking hands across the network” really has legs.  How many connections do you have on LinkedIn?  How many friends on Facebook?  What other social networks do you use?

However, this week, the power of the “real handshake,” not just the network kind, was reaffirmed.  After not attending an industry conference in well over a year, I am attending the Gartner IAM Summit in San Diego this week.  It has been delightful to engage with customers, partners and friends on a “real handshake” basis – to look individuals in the eye, firmly grasp their hands and speak directly, person to person.  While much can be said for the connecting power of teleconferences, webex sessions, email and social networks,  I believe there is no real substitute to direct, face-to-face, interpersonal communications. 

Viva la “real” handshake!

 

The Golden Parachute: A Case for Data Security

Information Security
Author: Mark Dixon
Friday, November 12, 2010
10:29 pm

This little video makes a pretty good case for making sure those responsible for database administration don’t have free rein over the information those databases contain.

That, and maybe the guy needs a bit of common sense …

 

 

What’s a Dad to Do?

Humor, Sports
Author: Mark Dixon
Friday, November 12, 2010
10:02 pm

This may not be an Identity Management subject, but I just had to share a happy memory and bit of congratulations as I return to blogging after a long time.

Many years ago, my younger sister prepared for a high school science fair by training a pair of white rats to play basketball.  She taught the little critters to stuff a whiffle ball through a wire hoop by rewarding each successful attempt.

On the morning of the science fair, the female rat gave birth to a litter of young rats.  As expected, she refused to play ball.  But the daddy rat? He went right ahead and played hoops!

Phoenix Suns’ superstar Steve Nash played his best game of the young NBA season tonight, on the same day his wife gave birth to a new baby boy.  This morning, the Nashes’ new son, Matteo Joel Nash, was born.  Tonight, Dad almost had a triple double with 28 points, 14 assists and 7 rebounds as the Suns beat the Sacramento Kings 103-89.  Congratulations Suns! Congratulations Nash family!

And lest any of you think otherwise, none of us think Steve is a rat!

 

 

 

The Greek Tragedy: A “Zeus Trojan”

Identity, Information Security
Author: Mark Dixon
Thursday, September 30, 2010
8:49 pm

According to a CNNMoney.com article today,

“An international cybercrime ring was broken up Thursday by federal and state officials who say the alleged hackers used phony e-mails to obtain personal passwords and empty more than $3 million from U.S. bank accounts.

“The U.S. Attorney’s Office charged 37 individuals for allegedly using a malicious computer program called Zeus Trojan to hack into the bank accounts of U.S. businesses and municipal entities.”

Isn’t it interesting that this sophisticated cybercrime tool was named for Zeus, the Greek "Father of Gods and men" and the Trojan Horse, which allowed Greeks to surreptitiously enter the city of Troy and end the Trojan War?

It is as if God and the Greeks have ganged up on the rest of us!

I’m sure God and the Greeks aren’t really conspiring against us, but the Zeus Trojan case underlines the tragic reality that bad guys are becoming extremely sophisticated in their attacks, and that the cost to us all is rapidly increasing.

 

Source Doc: 2010 IOUG Data Security Survey report

Information Security
Author: Mark Dixon
Thursday, September 30, 2010
8:11 pm

The 2010 Independent Oracle Users Group (IOUG) Data Security Survey Report published by Unisphere Research, a division of Information Today, Inc., and sponsored by Oracle Corporation, uncovered the following troubling findings:

  1. Fewer than 30 percent of respondents are encrypting personally identifiable information in all their databases.
  2. Close to two out of five of respondents’ organizations ship live production data out to development teams and outside parties.
  3. Three out of four organizations do not have a means to prevent privileged database users from reading or tampering with HR, financial or other business application data in their databases.
  4. In fact, two out of three respondents admit that they could not actually detect or prove that their database administrators and other privileged database users were not abusing their privileges.
  5. However, database administrators and other IT professionals aren’t the only people that can compromise data security from the inside. An end user with common desktop tools can also gain unauthorized direct access to sensitive data in the databases.
  6. Almost 64 percent indicate that they either do not monitor database activity, do so on an ad hoc basis, or don’t know if anyone is monitoring.
  7. Overall, two-thirds of companies either expect a data security incident they will have to deal with in the next 12 months, or simply don’t know what to expect.

More details in the report …

 

Source Doc: PwC Report – “Findings from the 2011 Global State of Information Security Survey”

Information Security
Author: Mark Dixon
Thursday, September 30, 2010
7:58 pm

The PwC document, “Findings from the 2011 Global State of Information Security Survey,” states by way of introduction, “As global economic conditions continue to fluctuate, information security hovers in the balance – caught between a new hard-won respect among executives and a painstakingly cautious funding environment.”

The report addresses five areas:

  1. Spending: A subtle but enormously meaningful shift
  2. Economic context: The leading impacts and strategies
  3. Funding and budgets: A balance between caution and optimism
  4. Capabilities and breaches: Trends too large to ignore
  5. New areas of focus: Where the emerging opportunities lie
  6. Global trends: A changing of the guard
 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.