As long as we are willing to relinquish some personal data, Web applications have allowed us to create virtual identities that can conduct most of the social and financial transactions that typify life in the real world.
But the newest generation of these services is starting to collect and store far more than just the standard suite of identity data -- name and address, telephone, Social Security or credit card numbers -- that populates the databases of banks and credit card processors. They increasingly store information, generated by us, that is directly linked to those virtual identities.
And users are loving them.
For example, the start-up Mint.com won this year's TechCrunch award for its Swiss Army knife approach to personal financial management. In exchange for customers uploading their account information and allowing sponsors to offer them specialized services, Mint will connect nightly to their credit card providers, banks and credit unions. Then it automatically updates transactions and accounts, balances their checkbooks, categorizes their transactions, compares cash with debt and, based on their personal spending habits, shops for better rates on new accounts and credit cards.
A powerful project management and collaboration tool called Basecamp allows teams to store online entire project management plans, including performance targets, to-do lists, files, collaborative documents and messages. Provided by 37Signals LLC, based in Chicago, Basecamp has more than a million users around the world, including me.
Another site, Dopplr, from a company of the same name based in Finland, is still in its beta-test phase. It lets users upload and share their travel itineraries with a group of "trusted fellow travelers." The site can connect with Facebook friend lists, and last month it announced that it had opened an invitation-only social network to business travelers from 100 leading companies and international organizations, including Google, IBM and Nokia.
This type of sensitive, sometimes proprietary information was once locked up on hard drives or in file cabinets far away from anything resembling a global or even a local distribution network. Yet none of the users flocking to these services seem perturbed that they have relinquished personal control over this data to companies that, even with the best of intentions, may not be able to keep it safe.
The incidence of data theft -- from wallets to data breaches, computer viruses or Dumpster diving -- is soaring. This year alone, the security of nearly 77 million Americans' records has been breached, according to the Identity Theft Resource Center in San Diego, nearly a fourfold increase over last year.
Governments around the world are passing and enforcing laws that increasingly hold businesses financially accountable for avoidable data losses. Just last month, the TJX Cos, which owns T.J. Maxx, Marshalls and other retail stores, made a settlement offer, subject to court approval, to victims of a huge data breach, in which 45.7 million customers' credit card and debit card data was exposed to identity thieves.
As a result, some security experts are starting to ask whether the "identity data-for-services" business model, which is the engine for virtually all e-commerce companies, is a fair trade -- not just for consumers, but for business as well.
In response, they are coming up with new protocols and frameworks for collecting, using and governing identity data. Given that virtually all businesses today collect and use these kinds of data, they aim to shift the status quo in ways that could help companies both improve their reputations with customers and avoid the mounting legal liabilities that now face companies that lose control of customer data.
"The myth is that companies have to know all this information about you in order to do business with you," said Drummond Reed, vice president for infrastructure at Parity Communications, an identity technology company in Needham, Massachusetts. "But from a liability perspective, the less I know about my customers the better."
Parity is sponsoring a number of open software projects to shift more control to the users whose identity data is at risk. One of the most intriguing is called the CloudTripper Project, which is developing a way for individuals to "take their data with them" as they traverse the Web, just as they keep their wallets and checkbooks with them as they move around in the real world.
Another project, the Identity Governance Framework, aims to help organizations comply with national and international regulations, including the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. It establishes a new approach for securely sharing and auditing sensitive personal information, and has been widely embraced by major enterprise software vendors as well as providers of identity technology. While such projects are helping to close security gaps that should have been addressed long ago, at least one security expert says that such efforts are trying in vain to solve a social problem with technology.
"We're in a situation where business holds all the cards," said Mike Neuenschwander, vice president and research director of identity and privacy strategies at the Burton Group, which is a technology research and advisory service based in Midvale, Utah. "Businesses put the deal in front of the consumer, they control the playing field and the consumer doesn't have any say in how the deal plays out."
One way to change this, he said, is to make people more like organizations.
To this end, Neuenschwander and his colleagues have floated the intriguing concept of the LLP: the Limited Liability Persona. This persona would be a legally recognized virtual person in which users could "invest" the financial or identity resources of their choosing.
Once their individual personas are created, consumers would be able to use them as their legal "alter ego," even in financial transactions.
"My LLP would have its own mailing address, its own tax ID number, and that's the information I'd give when I'm online," Neuenschwander said.
Other benefits include the ability for "personas" to limit their financial exposure in ways that individuals cannot.
"When you enter into a relationship with a company and give them your personal information, you're at tremendous risk -- and they aren't," he said.
"In the US, certain kinds of personal information aren't treated like property at all. It's very difficult to sue someone for misuse of personal information. And even if you do, they can never give you back your mailing address, your Social Security number or your DNA, for that matter," he said.
But if a company loses or tampers with an LLP's data, "the law allows me to sue them because it's corporate information," Neuenschwander said. "It's digital-rights management," he added, referring to the access control technologies used by publishers and other copyright holders to limit use of digital media, "only you're acting on behalf of your own organization."
Reed agreed.
"Companies use digital-rights management technology to protect their data from us," he said. "But they'd be better off if we used it to protect our data from them."
Saudi Arabian largesse is flooding Egypt’s cultural scene, but the reception is mixed. Some welcome new “cooperation” between two regional powerhouses, while others fear a hostile takeover by Riyadh. In Cairo, historically the cultural capital of the Arab world, Egyptian Minister of Culture Nevine al-Kilany recently hosted Saudi Arabian General Entertainment Authority chairman Turki al-Sheikh. The deep-pocketed al-Sheikh has emerged as a Medici-like patron for Egypt’s cultural elite, courted by Cairo’s top talent to produce a slew of forthcoming films. A new three-way agreement between al-Sheikh, Kilany and United Media Services — a multi-media conglomerate linked to state intelligence that owns much of
The US and other countries should take concrete steps to confront the threats from Beijing to avoid war, US Representative Mario Diaz-Balart said in an interview with Voice of America on March 13. The US should use “every diplomatic economic tool at our disposal to treat China as what it is... to avoid war,” Diaz-Balart said. Giving an example of what the US could do, he said that it has to be more aggressive in its military sales to Taiwan. Actions by cross-party US lawmakers in the past few years such as meeting with Taiwanese officials in Washington and Taipei, and
Denmark’s “one China” policy more and more resembles Beijing’s “one China” principle. At least, this is how things appear. In recent interactions with the Danish state, such as applying for residency permits, a Taiwanese’s nationality would be listed as “China.” That designation occurs for a Taiwanese student coming to Denmark or a Danish citizen arriving in Denmark with, for example, their Taiwanese partner. Details of this were published on Sunday in an article in the Danish daily Berlingske written by Alexander Sjoberg and Tobias Reinwald. The pretext for this new practice is that Denmark does not recognize Taiwan as a state under
The Republic of China (ROC) on Taiwan has no official diplomatic allies in the EU. With the exception of the Vatican, it has no official allies in Europe at all. This does not prevent the ROC — Taiwan — from having close relations with EU member states and other European countries. The exact nature of the relationship does bear revisiting, if only to clarify what is a very complicated and sensitive idea, the details of which leave considerable room for misunderstanding, misrepresentation and disagreement. Only this week, President Tsai Ing-wen (蔡英文) received members of the European Parliament’s Delegation for Relations