
Exploring the science and magic of Identity and Access Management
Saturday, December 6, 2025

SquareTag Project Report

Identity
Author: Mark Dixon
Tuesday, May 7, 2013
10:07 am

About two months ago, I started a small project to see how SquareTags would work on virtual objects like web pages. Subsequent posts are here, here, here and here.  This post summarizes what I learned.  Thanks to Phil Windley and his team for encouragement and support.

One by one, I tagged a few web pages I control with a SquareTag and defined an object in my SquareTag personal cloud as illustrated below.

[Image: SquareTagReport]

I invited people to scan the tags and send me a Twitter ID or email address so I could respond. I received about 40 responses from nine states in the US, plus four other nations.  Not bad for a little blog way out on the long tail of online information.

Here are some things I learned:

Tagging virtual objects works as well as physical objects (I tagged some physical stuff, too.)

I was able to easily link information in my personal cloud to the virtual objects.  The personal cloud could potentially be a comprehensive repository for all my physical and virtual possessions.

In the cases of Facebook, About.me and Paper.li (the Discovering Identity Paper), the tags are embedded in a .jpg image, so the host site probably doesn’t even know the links exist.

Orange works just as well as black for SquareTags.  I started by using photos of the adhesive SquareTags I purchased, but then created orange tags which encoded the SquareTag URL and code for each tag.

I don’t think QR Codes are broadly used by most people.  I had to explain to several people I know what the codes were and explain what they needed to do to scan a SquareTag.

The user experience presented when someone scanned a SquareTag wasn’t optimized for this experiment.  Only one field was available, so having people uniformly offer both a contact point (Twitter ID or email address) and location didn’t always work.  Sometimes I would receive geo coordinates, but that required that a person opted in to use them.

All in all, it was an enjoyable experiment.  I think I’ll leave the tags in place for a while, just to see if anyone else responds.  After all, I got one out of the blue yesterday.


Core Identities and Personal Data Stores

Identity, Privacy
Author: Mark Dixon
Friday, May 3, 2013
12:23 pm


I just finished reading an intriguing white paper, “Towards a Trustworthy Digital Infrastructure for Core Identities and Personal Data Stores,” written by Thomas Hardjono, Dazza Greenwood, and Alex (Sandy) Pentland, all associated with MIT.  I was particularly interested to see how much detail has been built around this concept of Core Identities since Dazza Greenwood and I discussed it several years ago, while I was employed by Sun Microsystems.

The paper proposes …

At the heart of digital identities is the concept of the core identity of an individual, which inalienably belongs to that individual. The core identity serves as the root from which emerge other forms of digital derived identities (called personas) that are practically useful and are legally enforced in digital transactions.

… and goes on to explore:

potential business models for Core Identity service providers and Persona providers (specializing in personalization, privacy and preferences services for a unified user experience across many sites and systems)

The paper then ties the concept of Core Identities and Personas to the MIT Open Personal Data Store (Open PDS) initiative:

The OpenPDS is an open-source Personal Data Store (PDS) enabling the user to collect, store, and give access to their data while protecting their privacy. Users can install and operate their own PDS, or alternatively users can operate an OpenPDS instance in a hosted environment.

We use the term “dynamic” here to denote the fact that the PDS does not only contain static data but also incorporates the ability to perform computations based on policy and is user-managed or user-driven. In a sense, the OpenPDS can be considered a small and portable Trusted Compute Unit belonging to an individual.

The paper concludes by emphasizing these four concepts:

  1. An infrastructure to support the establishment and use of core identities and personas is needed in order to provide equitable access to data and resources on the Internet.
  2. Personas are needed which are legally bound to core identifiers belonging to the individual. We see personas as a means to achieve individual privacy through the use of derived identifiers.
  3. The privacy-preserving features of core identities and personas fully satisfy the data privacy requirements of Personal Data Stores as defined by the MIT OpenPDS project. The ability for an individual to own and control his or her personal data through deployment of a PDS represents a key requirement for the future of the digital commerce on Internet.
  4. We believe the MIT OpenPDS design allows for a new breed of providers to emerge who will support consumer privacy, while at the same time allow the consumer to optionally partake in various data mining and exploration schemes in a privacy-preserving manner.

This sounds like OpenPDS is very much in line with the Personal Cloud concept.  Perhaps the MIT work with Core Identities, Personas and Open Personal Data Systems will help shorten the time before we can take advantage of real, working Personal Clouds. 


Hobbyist Computing and Personal Clouds

Cloud Computing, Identity
Author: Mark Dixon
Thursday, May 2, 2013
7:50 am


One of the benefits of growing old is the historical perspective offered by advancing age. I have been privileged to be an active participant as the computer industry has literally unfolded before my eyes.  

The first computer I saw demonstrated, back in 1970, was built by a hobbyist, using flip flops constructed out of discrete transistors and a numeric  Nixie tube display. The input device?  A rotary phone dial.  As an electronics hobbyist myself, I was fascinated by the blinking lights, even though the contraption really wasn’t very useful as an end user device.

Fast forward a few years … As part of my first engineering job, I built my first personal computer in 1978, predating the IBM PC by three years.  It was based on the Texas Instruments 9900 microprocessor, one of the first 16-bit microprocessors. I designed and built the color graphics display board and modified a Sony Trinitron TV to be the color monitor. I had to design and debug the circuitry, work with others to design the chassis and circuit boards and solder in all the chips.  I used an original Soroc terminal and Epson TX-80 dot matrix printer.  The computer had a rudimentary operating system and simple text editor.  I thought I was in heaven!  For a geek like me, I had both the joy of experimentation and emerging productivity for my work.

My next big step forward was getting one of the original Compaq luggable PCs – complete with two 256k 5-1/4 inch floppy drives (no hard drive). It was a great step forward in packaging, but the real benefit was the software - WordPerfect word processor and Lotus123 spreadsheet.  My productivity really accelerated.  And I didn’t have to build anything. (By the way, I still have that computer!)

Of course, the MacBook Air I use now is almost infinitely more capable than those old relics.  We have come a long way.

What does this have to do with Personal Clouds? I somehow get the feeling we are still in the hobbyist phase.  A lot of blinking lights and personal tinkering and vision of the future, but not a lot of real utility and tangible benefits.

Don’t get me wrong – I really like the concept of personal clouds.  I like the promise of  better privacy, better personal control over my information, easier to use Identity and payments infrastructure and unifying functionality in a virtual container in the cloud. I salute those who are working to transform vision into reality.

But at this time in my life, I tend to be impatient. I want my MacBook Air when all that is available is Nixie tubes and rotary phone dials.   I’d like to see the next Apple emerge or some stodgy old IBM-like company leverage their market presence and offer Personal Cloud infrastructure that is really easy to use and really useful to old fogies like me.

Who will it be?

 


Gigabytes of Personal Data

Identity, Privacy
Author: Mark Dixon
Wednesday, May 1, 2013
8:19 pm

Now, in honor of my post about Personal Clouds – the philosophy of Frank & Ernest:

[Image: Frankandernest 130501]


Who Will Host My #PersonalCloud?

Identity
Author: Mark Dixon
Wednesday, May 1, 2013
8:03 pm


I think I inadvertently touched a nerve today.

After reading the post “Why the ‘i’ in iPhone Will Stand For ‘Identity’”, I tweeted an interesting statement from the middle of that post:

“Establishing one’s company as the de facto digital identity layer is the single biggest business opportunity” http://t.co/OGboZREiTj

Almost immediately, @windley re-tweeted my post and @dsearls responded:

@mgd … and a huge mistake, again, because identity is personal: http://t.co/Ip1VubbY8E #vrm

After reading Doc’s rebuttal to the iPhone paper, “Identity is Personal,” and his earlier post, “Identity systems, failing to communicate,” which speaks to why our current Identity systems are so abysmal, and a third post, “People will do more with Big Data than big companies can,” which predicts that personal clouds will emerge this decade as the best solution to the identity problem, I tweeted this question:

@dsearls Who do you predict will host the personal cloud(s) that will resolve our identity challenges?  #vrm #PersonalCloud

Doc’s answer:

@mgd People themselves, and/or fourth parties they choose. Read @Windley for more on this. #personalcloud #vrm

Doc is right.  Phil Windley has written some excellent posts on the subject.  Some recent ones, in chronological order:

  1. Own Your Identity: Important Principles
  2. Build the World You Want to Live In
  3. Pot Holes and Picos
  4. IMAP as the Proto Personal Cloud
  5. Personal Clouds and the Future of the Web

I do like the concept of personal clouds.  I have experimented a little bit with Phil’s personal cloud infrastructure at Kynetx.  The orange SquareTag in the upper right area of this blog is an artifact of my little experiment to tag my social media places with SquareTags and connect them to my personal cloud hosted by Kynetx.

But my question still remains: What companies will emerge as the leading hosters of personal clouds?  I don’t want to host my own; I don’t think my wife, as bright as she is, would learn how to do it.

I would like my personal cloud to be hosted by a capable institution I trust. I would like Identity credentials I select from my personal cloud to be recognized by every website I choose to visit, and I would like the payment method I choose from my personal cloud to be accepted by every vendor I purchase things from.  That will require broadly accepted standards for Identity and payments and the large-scale infrastructure to make it work.

I tend to think that it will take some pretty large organizations to pull that off.

My vote for an institution to host my personal cloud?  My bank.  It already has a vault full of things that are like analog personal clouds – safe deposit boxes.  I choose what goes in my box and what comes out.  The bank can’t get it without my key.

Plus, my bank provides a whole litany of payment options. And, I tend to trust them to take care of my money. Perhaps I could trust them with my digital safe deposit box as well.  I’d even be willing to pay for it.

Will they do it?  That is another question.

 

Verizon 2013 Data Breach Investigation Report: Assume You’re Breached

Identity
Author: Mark Dixon
Tuesday, April 30, 2013
8:30 pm


The annual Verizon Data Breach Investigation Report  was recently published. The opening statement really tells the story:

Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage. But rather than a synchronized chorus making its debut on New Year’s Eve, we witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year. And from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune. As a result—perhaps agitated by ancient Mayan doomsday predictions—a growing segment of the security community adopted an “assume you’re breached” mentality. (emphasis added)

The post I made a few minutes ago about 94% of healthcare companies suffering a breach is certainly in line with this attitude.

What is one to do?  I liked the way Verizon concluded the report.

We worked with the recently formed Consortium for Cybersecurity Action (CCA) and mapped the most common [VERIS] threat action varieties to their Critical Security Controls for Effective Cyber Defense … Most organizations should implement all 20 of the Critical Security Controls to some level.

The following diagram shows the Critical Security Controls mapped to the top VERIS Threat Actions:

[Image: Verizon2]

Enterprises must implement comprehensive, end-to-end security.  It’s not easy, but we must do it.

 

 


94% of Healthcare Organizations Breached

Information Security
Author: Mark Dixon
Tuesday, April 30, 2013
7:52 pm


94%. Almost 100%! That is a pretty sobering statistic.  Please take a few minutes and scan the very informative infographic at background check.org.

Just think. Almost all healthcare organizations – the ones we trust with our most sensitive information – are leaking data like a sieve. How does this affect you?


Ponemon Institute: 2012 Cost of Cyber Crime Study

Information Security
Author: Mark Dixon
Tuesday, April 30, 2013
7:39 pm

I read through the Ponemon Institute: 2012 Cost of Cyber Crime Study that was released last October.  The results are quite staggering:

Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.

$8.9 million per year is the average.  That’s a lot of money.

The percentage annualized cyber crime cost by attack type is shown in the following graph.  There is a lot of bad stuff going on out there!

[Image: Cybercrimecost]


The REAL Reason for Global Warming

Humor
Author: Mark Dixon
Monday, April 22, 2013
5:47 pm

Only from our friends at Non Sequitur …

[Image: Nonsequitur 130421]

I particularly like the thought of tulips outside the igloo!


Ellen DeGeneres: The Definitive Password Solution

Information Security
Author: Mark Dixon
Monday, April 22, 2013
5:27 pm

A great little video where Ellen DeGeneres shows a product which claims to solve all of our password problems …

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.