As long as we are willing to relinquish some personal data, Web applications have allowed us to create virtual identities that can conduct most of the social and financial transactions that typify life in the real world.
But the newest generation of these services is starting to collect and store far more than just the standard suite of identity data -- name and address, telephone, Social Security or credit card numbers -- that populates the databases of banks and credit card processors. They increasingly store information, generated by us, that is directly linked to those virtual identities.
And users are loving them.
For example, the start-up Mint.com won this year's TechCrunch award for its Swiss Army knife approach to personal financial management. In exchange for customers uploading their account information and allowing sponsors to offer them specialized services, Mint will connect nightly to their credit card providers, banks and credit unions. Then it automatically updates transactions and accounts, balances their checkbooks, categorizes their transactions, compares cash with debt and, based on their personal spending habits, shops for better rates on new accounts and credit cards.
A powerful project management and collaboration tool called Basecamp allows teams to store online entire project management plans, including performance targets, to-do lists, files, collaborative documents and messages. Provided by 37Signals LLC, based in Chicago, Basecamp has more than a million users around the world, including me.
Another site, Dopplr, from a company of the same name based in Finland, is still in its beta-test phase. It lets users upload and share their travel itineraries with a group of "trusted fellow travelers." The site can connect with Facebook friend lists, and last month it announced that it had opened an invitation-only social network to business travelers from 100 leading companies and international organizations, including Google, IBM and Nokia.
This type of sensitive, sometimes proprietary information was once locked up on hard drives or in file cabinets far away from anything resembling a global or even a local distribution network. Yet none of the users flocking to these services seem perturbed that they have relinquished personal control over this data to companies that, even with the best of intentions, may not be able to keep it safe.
The incidence of data theft -- from wallets to data breaches, computer viruses or Dumpster diving -- is soaring. This year alone, the security of nearly 77 million Americans' records has been breached, according to the Identity Theft Resource Center in San Diego, nearly a fourfold increase over last year.
Governments around the world are passing and enforcing laws that increasingly hold businesses financially accountable for avoidable data losses. Just last month, the TJX Cos, which owns T.J. Maxx, Marshalls and other retail stores, made a settlement offer, subject to court approval, to victims of a huge data breach, in which 45.7 million customers' credit card and debit card data was exposed to identity thieves.
As a result, some security experts are starting to ask whether the "identity data-for-services" business model, which is the engine for virtually all e-commerce companies, is a fair trade -- not just for consumers, but for business as well.
In response, they are coming up with new protocols and frameworks for collecting, using and governing identity data. Given that virtually all businesses today collect and use these kinds of data, they aim to shift the status quo in ways that could help companies both improve their reputations with customers and avoid the mounting legal liabilities that now face companies that lose control of customer data.
"The myth is that companies have to know all this information about you in order to do business with you," said Drummond Reed, vice president for infrastructure at Parity Communications, an identity technology company in Needham, Massachusetts. "But from a liability perspective, the less I know about my customers the better."
Parity is sponsoring a number of open software projects to shift more control to the users whose identity data is at risk. One of the most intriguing is called the CloudTripper Project, which is developing a way for individuals to "take their data with them" as they traverse the Web, just as they keep their wallets and checkbooks with them as they move around in the real world.
Another project, the Identity Governance Framework, aims to help organizations comply with national and international regulations, including the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. It establishes a new approach for securely sharing and auditing sensitive personal information, and has been widely embraced by major enterprise software vendors as well as providers of identity technology. While such projects are helping to close security gaps that should have been addressed long ago, at least one security expert says that such efforts are trying in vain to solve a social problem with technology.
"We're in a situation where business holds all the cards," said Mike Neuenschwander, vice president and research director of identity and privacy strategies at the Burton Group, which is a technology research and advisory service based in Midvale, Utah. "Businesses put the deal in front of the consumer, they control the playing field and the consumer doesn't have any say in how the deal plays out."
One way to change this, he said, is to make people more like organizations.
To this end, Neuenschwander and his colleagues have floated the intriguing concept of the LLP: the Limited Liability Persona. This persona would be a legally recognized virtual person in which users could "invest" the financial or identity resources of their choosing.
Once their individual personas are created, consumers would be able to use them as their legal "alter ego," even in financial transactions.
"My LLP would have its own mailing address, its own tax ID number, and that's the information I'd give when I'm online," Neuenschwander said.
Other benefits include the ability for "personas" to limit their financial exposure in ways that individuals cannot.
"When you enter into a relationship with a company and give them your personal information, you're at tremendous risk -- and they aren't," he said.
"In the US, certain kinds of personal information aren't treated like property at all. It's very difficult to sue someone for misuse of personal information. And even if you do, they can never give you back your mailing address, your Social Security number or your DNA, for that matter," he said.
But if a company loses or tampers with an LLP's data, "the law allows me to sue them because it's corporate information," Neuenschwander said. "It's digital-rights management," he added, referring to the access control technologies used by publishers and other copyright holders to limit use of digital media, "only you're acting on behalf of your own organization."
Reed agreed.
"Companies use digital-rights management technology to protect their data from us," he said. "But they'd be better off if we used it to protect our data from them."
Wherever one looks, the United States is ceding ground to China. From foreign aid to foreign trade, and from reorganizations to organizational guidance, the Trump administration has embarked on a stunning effort to hobble itself in grappling with what his own secretary of state calls “the most potent and dangerous near-peer adversary this nation has ever confronted.” The problems start at the Department of State. Secretary of State Marco Rubio has asserted that “it’s not normal for the world to simply have a unipolar power” and that the world has returned to multipolarity, with “multi-great powers in different parts of the
President William Lai (賴清德) recently attended an event in Taipei marking the end of World War II in Europe, emphasizing in his speech: “Using force to invade another country is an unjust act and will ultimately fail.” In just a few words, he captured the core values of the postwar international order and reminded us again: History is not just for reflection, but serves as a warning for the present. From a broad historical perspective, his statement carries weight. For centuries, international relations operated under the law of the jungle — where the strong dominated and the weak were constrained. That
The Executive Yuan recently revised a page of its Web site on ethnic groups in Taiwan, replacing the term “Han” (漢族) with “the rest of the population.” The page, which was updated on March 24, describes the composition of Taiwan’s registered households as indigenous (2.5 percent), foreign origin (1.2 percent) and the rest of the population (96.2 percent). The change was picked up by a social media user and amplified by local media, sparking heated discussion over the weekend. The pan-blue and pro-China camp called it a politically motivated desinicization attempt to obscure the Han Chinese ethnicity of most Taiwanese.
The Legislative Yuan passed an amendment on Friday last week to add four national holidays and make Workers’ Day a national holiday for all sectors — a move referred to as “four plus one.” The Chinese Nationalist Party (KMT) and the Taiwan People’s Party (TPP), who used their combined legislative majority to push the bill through its third reading, claim the holidays were chosen based on their inherent significance and social relevance. However, in passing the amendment, they have stuck to the traditional mindset of taking a holiday just for the sake of it, failing to make good use of
RSS