
Exploring the science and magic of Identity and Access Management
Saturday, April 20, 2024

Privacy and Security by Design: A Convergence of Paradigms

Identity, Information Security, Privacy
Author: Mark Dixon
Thursday, March 21, 2013
2:32 pm


In the Oracle Information InDepth newsletter I just received, a new white paper, “Privacy and Security by Design: A Convergence of Paradigms,” was announced. The paper is a collaboration of Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada, and Marc Chanliau, Director, Product Management, Oracle Corporation.

The foreword by Ms. Cavoukian includes this statement:

My hope is that privacy and security – by design, will continue to evolve into an essential component of information technologies and operational practices of organizations, as well as becoming an integral part of entire systems of data governance and privacy protection.

The paper further explains the value of these converging topics:

This paper highlights the convergence of these two paradigms. In the first part, the concept of security by design as understood in the technical community is introduced. In the second, the concept of Privacy by Design (PbD) as understood in the privacy community is discussed. The third and final part explores how these two concepts share notable similarities and how they may complement and mutually reinforce each other.

The paper provides a good overview of Security by Design …

… we address three aspects of security by design: i) software security assurance (designing software systems that are secure from the ground up and minimizing the impact of system breach when a security vulnerability is discovered); ii) preserving privacy in the enterprise environment and; iii) ensuring identity across heterogeneous vendors.

… and Privacy by Design.

Privacy by Design … is aimed at preventing privacy violations from arising in the first place. PbD is based on seven (7) Foundational Principles. It emphasizes respect for user privacy and the need to embed privacy as a default condition. It also preserves a commitment to functionality in a doubly-enabling ‘win-win,’ or positive-sum strategy. This approach transforms consumer privacy issues from a pure policy or compliance issue into a business imperative.

The paper concludes:

It is becoming widely recognized that privacy and security must both be embedded, by default, into the architecture, design and construction of information processes. This is a central motivation for PbD, which is aimed at reducing the risk of a privacy harm from arising in the first place. By taking a proactive approach, it is possible to demonstrate that it is indeed possible (and far more desirable) to have privacy and security! Why settle for one when you can have both?

I found the paper to be thoughtful and timely. By coincidence, this morning I committed to an event next week where I will meet Ms. Cavoukian. I look forward to it!

 

Big Data is Watching You

Identity, Privacy
Author: Mark Dixon
Tuesday, February 19, 2013
3:17 pm


Nishant Kaushik’s tweet today prompted some paranoid thoughts about the use of big data analytics.

Scary #Privacy News Day: Raytheon RIOT – http://t.co/FB4dsnjv AND Equifax selling Employer shared employee data – http://t.co/HZSeqN9E

The first article, “Software that tracks people on social media created by defense firm,” explored how Raytheon has developed a system to track us all:

A multinational security firm has secretly developed software capable of tracking people’s movements and predicting future behaviour by mining data from social networking websites. …

“Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs.”

The second article, “Your employer may share your salary, and Equifax might sell that data,” stated:

The Equifax credit reporting agency, with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans’ personal information ever created, containing 190 million employment and salary records covering more than one-third of U.S. adults.

These two articles triggered thoughts about Acxiom:

[Acxiom] peers deeper into American life than the F.B.I. or the I.R.S., or those prying digital eyes at Facebook and Google. If you are an American adult, the odds are that it knows things like your age, race, sex, weight, height, marital status, education level, politics, buying habits, household health worries, vacation dreams — and on and on. …

Few consumers have ever heard of Acxiom. But analysts say it has amassed the world’s largest commercial database on consumers — and that it wants to know much, much more. Its servers process more than 50 trillion data “transactions” a year. Company executives have said its database contains information about 500 million active consumers worldwide, with about 1,500 data points per person. That includes a majority of adults in the United States.        

… and Lexis Nexis:

LexisNexis … is the largest data-broker in the world. They create vast profiles on people and use that information to create various reports that they sell to companies of all kinds. These reports are used to make decisions about renting, insurance and more. In the past these reports have been purchased by law enforcement and criminal organizations; all to find out more information about you.

Are there legitimate uses for all this data? Yes.  But is there potential for illicit exploitation and mis-use of that data?  I’d bet my bottom dollar on it.  The unintended consequences of amassing all this personal data are what worry me.

 

Orwell was a Prophet

Freedom, Privacy
Author: Mark Dixon
Wednesday, December 12, 2012
10:33 pm

I read a chilling article in the Wall Street Journal this evening, entitled, “U.S. Terrorism Agency to Tap a Vast Database of Citizens.”

Yep … that means you and me – data about us law abiding citizens will now be analyzed by government officials, all without judicial warrant or probable cause.

Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime. …

The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. …

Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior.

It was way back in my high school days when I read and was terrified by the prospects of George Orwell’s novel Nineteen Eighty Four.  Orwell might have predicted the wrong year, but what once seemed like far-fetched political satire seems disturbingly like accurate prophecy.

 

Life Management Platforms: Informed Pull and Controlled Push

Identity, Privacy
Author: Mark Dixon
Wednesday, July 11, 2012
11:24 am

I have been intrigued by the potential emergence of “Life Management Platforms” as described in the Kuppinger-Cole advisory note, “Life Management Platforms: Control and Privacy for Personal Data.”  The concept that particularly interests me is integration between systems that would allow controlled sharing of information, using principles Martin Kuppinger describes as “informed pull” and “controlled push.”

Life Management Platforms are far more than Personal Data Stores. They not only support a secure store for sensitive personal information. They allow making a better use of that information. The real value lies in the sharing of that information supported by Life Management Platforms. …

These concepts are like two sides of the same coin. Furthermore they are the essence of why Life Management Platforms are far more than just a store of personal data. Storing personal data is just a little piece of the value proposition of Life Management Platforms. And just sharing this information by allowing some parties to access it without further control and without keeping a grip on that data is also not what really makes a Life Management Platform. That would be nothing more than a social network with some better access control capabilities.

The key capability of Life Management Platforms is the ability for exactly the two concepts mentioned. This is about using new types of privacy-aware apps which allow making use of sensitive information in a way that provides value to the owner of that sensitive information.

I can think of dozens of ways this could immediately help me in my life, in addition to the many that Martin included in his report.  For example:

  1. Twice each month, I download an electronic copy of my payslip and manually transcribe key bits of information from that unstructured report into the money management program on my personal computer.  Wouldn’t it be great if I could do an “informed pull” of that information in a way that would automatically transfer selected data from my employer to my money management program, just like I do from my bank and credit card vendors?
  2. Each year, I assemble a bunch of information to give to my accountant to prepare my tax return.  Wouldn’t it be great if I could use a “controlled push” of such information from my computer to his?
  3. I recently visited a new dentist.  Wouldn’t it be great if I could have used a “controlled push” of my profile and medical history to their system, rather than fill out yet another set of paper forms?
  4. We recently had a great time with all of our six children and their families at a family reunion in the White Mountains of Arizona.  Wouldn’t it have been great to post addresses and lodging details once and let each member of the family do an “informed pull” that automatically populated their mobile phone calendars, address books and GPS units?

And the list of possibilities could go on and on.  Many industries could benefit from this concept – healthcare, financial services, travel, hospitality and many more.

I like some of the emerging systems from vendors Martin mentions, but each has its challenges.

As its name suggests, Personal.com is a useful application for storing personal information.  In its current state, it is kind of like Evernote for structured data – an ability to put personal data into secure “gems” that can have any number of attributes, and have those gems available either on a website or on my mobile phone.  It has the ability to share gems with other personal.com members or with non-members via email (if you dare use that insecure medium).  However, personal.com lacks the structured data exchange between applications that is essential for the use cases I mentioned above.  It even suffers from a disturbing lack of data exchange internally.  For example, if I fill in a business card “gem” with my name and contact information, that data isn’t available to help me fill in somewhat related gems, such as passport, drivers license or social security card gems.

I like the concepts behind connect.me.  Reputation is indeed an important attribute of my identity.  However, I haven’t found a practical use in my life for the service or something like it.  Having a way to use “controlled push” of my reputation to consuming applications may make it more useful.  But I am definitely monitoring their progress, and patiently awaiting their new product launch.

I have enjoyed reading through the QIY website – particularly about their efforts to forge relationships with companies that are interested in working with personal data in an integrated way.  Unfortunately for me, a life-long mono-linguist, I don’t know enough Dutch words to sign up for the QIY consumer website.

So, it is great to see progress in this area.  What the Life Management Platform concept really needs to move forward is definition and demonstration of a set of open, secure APIs to implement “informed pull” and “controlled push” information sharing capabilities for real.  Then, personal data platforms and related applications that produce and consume structured data while protecting both privacy and personal control could flourish.

 

Fellow Facebook Users: We are the product Zuckerberg sells.

Identity, Privacy
Author: Mark Dixon
Friday, December 2, 2011
5:08 pm

In my recent post, I made this observation:

[Facebook and Google] are essentially advertising channels, whose real customers are not those of us who visit their sites, but the advertisers who pay them money.

That is where Intent comes in.  The most valuable commodity Google and Facebook can sell to their advertising customers is the Intent of the people who visit their sites – the Intent to explore, to examine, and ultimately, to buy. The better either company can be at determining the Intent of their users, the better they are prepared to rake in the bucks from companies who advertise with them.

From that perspective, I have been fascinated by the recent big news that Facebook has settled with the FTC over charges that Facebook deceived users about privacy. As reported by the Daily Beast,

… Facebook promises to stop making “deceptive privacy claims” and get users’ permission before changing the way it shares their information. The social-media company must also submit to privacy audits for 20 years. …

Acknowledging this settlement, Mark Zuckerberg posted a lengthy statement on the Facebook blog:

… I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done. … But we can also always do better. I’m committed to making Facebook the leader in transparency and control around privacy. …

Not all pundits accepted Zuckerberg’s contrite response.  Dan Lyons of the Daily Beast posted a cynical article entitled, “The Truth About Facebook Privacy—if Zuckerberg Got Real.”

The social network just settled privacy charges with the FTC, and its CEO posted a lengthy non-apology on the company blog. But here’s what Mark Zuckerberg might have said if he dared to be brutally honest. …

Let’s skip to the meat of Dan’s article (his view of what a truly candid Zuckerberg would have said):

 … The truth is, we have no interest in protecting your privacy, and if you still believe that we do, then you are stupider than we thought, and believe me, we already thought you were pretty stupid. Think about it. The only way our business works is if we can track what you do and sell that information to advertisers. Did you honestly not realize that?

You are not our customer. You are the product that we sell. For us to say we’re going to protect you is like the poultry industry promising to create more humane living conditions for chickens. Sure, they say that. But you know they don’t mean it.

Same with us. We will never, ever stop trying to pry data out of you. How could we? We’re a business. We’re doing this to make money. And our investors would like it very much if we can make absolutely as much money as possible. It’s simply not in our nature to stop. You know the fable about the scorpion and the frog? Yeah. It’s like that. …

Pretty harsh? Yep! But there are glimmers of truth in there. Just remember the next time you visit Facebook (which I have already done several times today), “You are the product that we sell.”

 

Privacy Site: Future of Privacy Forum – Advancing Responsible Data Practices

Privacy, Privacy Site
Author: Mark Dixon
Thursday, May 26, 2011
10:34 am

The Future of Privacy Forum (FPF) is a Washington, DC based think tank that seeks to advance responsible data practices. The forum is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups. FPF was launched in November 2008, and is supported by Adobe, American Express, AOL, AT&T, Bering Media, The Better Advertising Project, BlueKai, BrightTag, Comcast, comScore, Datran Media, Deloitte, DoubleVerify, eBay, Facebook, General Electric, Google, Intel, Intuit, LexisNexis, Lockheed Martin, Microsoft, The Nielsen Company, Procter & Gamble, Qualcomm, Reputation Defender, Time Warner Cable, TruEffect, TRUSTe, Verizon, Yahoo! and Zynga.

 

Privacy Site: ApplicationPrivacy.org – Implement Trustworthy Data Practices

Privacy, Privacy Site
Author: Mark Dixon
Wednesday, May 25, 2011
2:01 pm

ApplicationPrivacy.org is a project of the Future of Privacy Forum intended to provide application developers with the tools and resources needed to implement trustworthy data practices. The Future of Privacy Forum (FPF) is a Washington, DC based think tank that seeks to advance responsible data practices.

 

National Strategy For Trusted Identities In Cyberspace – My Take

Identity, Information Security, Privacy
Author: Mark Dixon
Friday, April 29, 2011
5:54 pm
 
When I hear a message that begins, “We’re from the government, and we’re here to help,” I am naturally suspicious.  My political philosophy, based on personal freedom, individual responsibility and natural consequences, is all too often infringed upon by over-reaching, even if well-intentioned, government mandates.  So, when I first learned of the “National Strategy For Trusted Identities In Cyberspace,” I quite naturally envisioned the typical government movement towards stronger control, greater regulation and reduced freedom.
 
However, rather than leave interpretation to others, I actually read the 45-page National Strategy For Trusted Identities In Cyberspace document that was officially released on April 15th.  Based on what I read, this initiative seems more like guidance for a national Interstate Highway system than a mandate for socialized health care.
 
On page 29 of the document, speaking of the goals for this initiative, we read:
These goals will require the active collaboration of all levels of government and the private sector. The private sector will be the primary developer, implementer, owner, and operator of the Identity Ecosystem, which will succeed only if it serves as a platform for innovation in the market. The Federal Government will enable the private sector and will lead by example through the early adoption and provision of Identity Ecosystem services. It will partner with the private sector to develop the Identity Ecosystem, and it will ensure that baseline levels of security, privacy, and interoperability are built into the Identity Ecosystem Framework.
If indeed the Federal Government can act as a catalyst, in cooperation with the private sector, to accelerate progress toward a secure, convenient, easy to use, interoperable and innovative framework for trusted identities, without exercising control and exploitation over participants, I can strongly support the initiative.
 
However, it is the nature of most people in areas of concentrated power to abuse the power with which they have been entrusted.  This natural tendency, both in the public and private sector, may lead to unintended bad consequences as a result of this initiative.  As the Trusted Identities initiative moves forward, we must be vigilant to make sure public or private power is not abused.

That said, I include here some key points from the document.  A user-centric “Identity Ecosystem” is proposed – an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices. 

The Identity Ecosystem, as envisioned here, will increase the following:
  • Privacy protections for individuals, who will be able to trust that their personal data is handled fairly and transparently;
  • Convenience for individuals, who may choose to manage fewer passwords or accounts than they do today;
  • Efficiency for organizations, which will benefit from a reduction in paper-based and account management processes;
  • Ease-of-use, by automating identity solutions whenever possible and basing them on technology that is simple to operate;
  • Security, by making it more difficult for criminals to compromise online transactions;
  • Confidence that digital identities are adequately protected, thereby promoting the use of online services;
  • Innovation, by lowering the risk associated with sensitive services and by enabling service providers to develop or expand their online presence;
  • Choice, as service providers offer individuals different—yet interoperable—identity credentials and media
The Trusted Identity Strategy specifies four Guiding Principles to which the Identity Ecosystem must adhere:
  • Identity solutions will be privacy-enhancing and voluntary 
  • Identity solutions will be secure and resilient
  • Identity solutions will be interoperable
  • Identity solutions will be cost-effective and easy to use
The document spends over 40 pages explaining and exploring these goals and guiding principles.  Many more pages in many more documents will be produced before these objectives are achieved.
 
I look forward to following the progress of this initiative.  If this helps focus attention and resources on resolution of some difficult identity issues we face, it will be a good thing. Let’s work together to make that happen.
 
 

Hey Steve! Why are you tracking me?

Information Security, Privacy, Telecom
Author: Mark Dixon
Friday, April 22, 2011
4:05 pm

I first read the news about Apple’s secretive location tracking capability in the Kaspersky Labs Threat Post article, “Secret iPhone Feature Tracks Owners’ Whereabouts”:

Security researchers have discovered a hidden iPhone feature that secretly tracks and saves the meanderings of the phone – and presumably its owner.

The tracking feature was described in a presentation at the Where 2.0 Conference in San Francisco on Wednesday. According to the researchers, Pete Warden, founder of Data Science Toolkit and Alasdair Allan a researcher at Exeter University in the UK, the tracking feature records the phone’s movements, including what cell phone towers and Wifi hotspots it connects to, when and where. While that information isn’t shared with Apple, it is retained even when iPhone users update their hardware, suggesting that Apple had plans to use the data at a later time.

Was I surprised?  No.  Irritated?  Yes.  We have one more piece of evidence, that when power is concentrated in the hands of a few, abuses tend to occur.

After reading the O’Reilly Radar article, “Got an iPhone or 3G iPad? Apple is recording your moves”, I followed a link to an application to see for myself:

How can you look at your own data?

We have built an application that helps you look at your own data. It’s available at petewarden.github.com/iPhoneTracker along with the source code and deeper technical information.

The broad view clearly showed the four states in which I have used my month-old iPad:

But the real interesting view was of my supposed meanderings in Arizona:

I can easily explain three of the four major clumps of usage in the Phoenix metropolitan area – my home, the Phoenix airport, and a client site. But I have never taken my iPad to the fourth area of supposed heavy use.

All the outliers are even more problematic.  I used the iPad once in a mountainous area northeast of Phoenix, but all the other outliers?  My only explanation is that I must have forgotten to place the iPad in “Airplane Mode” on one or more of my flights (heaven forbid!).  The iPad must have connected with dozens of cell towers as we flew over.

My message to Steve Jobs?  Please, just call. I’d gladly invite you over for dinner or take you to my favorite restaurant, where we could discuss the things that are important to me in my life.  But these shenanigans?  Really tawdry for a supposedly high class company.

 

When Can I Pay for Stuff with my iPhone?

Identity, Information Security, Privacy, Technology, Telecom
Author: Mark Dixon
Friday, April 15, 2011
10:47 am

 

I am anxious for the time when I can buy groceries or pay for a meal with my iPhone.  According to Juniper Research, that time may be closer than you would think.

As reported by GigaOM, Juniper Research predicts that 1 in 5 Smartphones Will Have NFC by 2014.  NFC, or “Near Field Communication,” is a technology that allows a payment to be made by holding a device, such as a mobile phone, in close proximity to a NFC-capable point of sale terminal.

I think it would be great to use a mobile wallet on my iPhone, working in concert with an NFC chip embedded within my iPhone, to make a payment.

The GigaOM article states:

Juniper said the increasing momentum behind NFC, with a stream of vendor and carriers announcements in recent months, is helping boost the prospects of NFC. North America will lead the way, according to Juniper, with half of all NFC smartphones by 2014. France, in particular, is off to a quick start, with 1 million NFC devices expected this year.

Of course, there is more than just putting mobile wallet apps and NFC chips on smartphones.

But the NFC ramp-up will still face challenges. With so many players involved, from merchants, operators, manufacturers and web giants like Google, service complexity will be an issue. The industry also needs to work out business models around NFC while ensuring strong security for consumers unfamiliar with the concept of a mobile wallet, said Howard Wilcox, the author of the report.

Which smart phone vendor will be first to the races with a mainstream NFC-equipped device? Will the next iPhone be NFC-equipped?  I hope so, but I had also hoped for that in the iPhone 4.  Time will tell.  I’m just hoping for sooner, rather than later.

And, by the way, Identity Management and Information Security are crucial to an overall solution. Knowing who the user is and what that user wants to do, and making sure their information is absolutely safe, are critical components of the mobile payments infrastructure that must be built. In that vein, it’s great to be in the industry that is making this all happen.

 

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.