As long as we are willing to relinquish some personal data, Web applications have allowed us to create virtual identities that can conduct most of the social and financial transactions that typify life in the real world.
But the newest generation of these services is starting to collect and store far more than just the standard suite of identity data -- name and address, telephone, Social Security or credit card numbers -- that populates the databases of banks and credit card processors. They increasingly store information, generated by us, that is directly linked to those virtual identities.
And users are loving them.
For example, the start-up Mint.com won this year's TechCrunch award for its Swiss Army knife approach to personal financial management. In exchange for customers uploading their account information and allowing sponsors to offer them specialized services, Mint will connect nightly to their credit card providers, banks and credit unions. Then it automatically updates transactions and accounts, balances their checkbooks, categorizes their transactions, compares cash with debt and, based on their personal spending habits, shops for better rates on new accounts and credit cards.
A powerful project management and collaboration tool called Basecamp allows teams to store online entire project management plans, including performance targets, to-do lists, files, collaborative documents and messages. Provided by 37Signals LLC, based in Chicago, Basecamp has more than a million users around the world, including me.
Another site, Dopplr, from a company of the same name based in Finland, is still in its beta-test phase. It lets users upload and share their travel itineraries with a group of "trusted fellow travelers." The site can connect with Facebook friend lists, and last month it announced that it had opened an invitation-only social network to business travelers from 100 leading companies and international organizations, including Google, IBM and Nokia.
This type of sensitive, sometimes proprietary information was once locked up on hard drives or in file cabinets far away from anything resembling a global or even a local distribution network. Yet none of the users flocking to these services seem perturbed that they have relinquished personal control over this data to companies that, even with the best of intentions, may not be able to keep it safe.
The incidence of data theft -- from wallets to data breaches, computer viruses or Dumpster diving -- is soaring. This year alone, the security of nearly 77 million Americans' records has been breached, according to the Identity Theft Resource Center in San Diego, nearly a fourfold increase over last year.
Governments around the world are passing and enforcing laws that increasingly hold businesses financially accountable for avoidable data losses. Just last month, the TJX Cos, which owns T.J. Maxx, Marshalls and other retail stores, made a settlement offer, subject to court approval, to victims of a huge data breach, in which 45.7 million customers' credit card and debit card data was exposed to identity thieves.
As a result, some security experts are starting to ask whether the "identity data-for-services" business model, which is the engine for virtually all e-commerce companies, is a fair trade -- not just for consumers, but for business as well.
In response, they are coming up with new protocols and frameworks for collecting, using and governing identity data. Given that virtually all businesses today collect and use these kinds of data, they aim to shift the status quo in ways that could help companies both improve their reputations with customers and avoid the mounting legal liabilities that now face companies that lose control of customer data.
"The myth is that companies have to know all this information about you in order to do business with you," said Drummond Reed, vice president for infrastructure at Parity Communications, an identity technology company in Needham, Massachusetts. "But from a liability perspective, the less I know about my customers the better."
Parity is sponsoring a number of open software projects to shift more control to the users whose identity data is at risk. One of the most intriguing is called the CloudTripper Project, which is developing a way for individuals to "take their data with them" as they traverse the Web, just as they keep their wallets and checkbooks with them as they move around in the real world.
Another project, the Identity Governance Framework, aims to help organizations comply with national and international regulations, including the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. It establishes a new approach for securely sharing and auditing sensitive personal information, and has been widely embraced by major enterprise software vendors as well as providers of identity technology. While such projects are helping to close security gaps that should have been addressed long ago, at least one security expert says that such efforts are trying in vain to solve a social problem with technology.
"We're in a situation where business holds all the cards," said Mike Neuenschwander, vice president and research director of identity and privacy strategies at the Burton Group, which is a technology research and advisory service based in Midvale, Utah. "Businesses put the deal in front of the consumer, they control the playing field and the consumer doesn't have any say in how the deal plays out."
One way to change this, he said, is to make people more like organizations.
To this end, Neuenschwander and his colleagues have floated the intriguing concept of the LLP: the Limited Liability Persona. This persona would be a legally recognized virtual person in which users could "invest" the financial or identity resources of their choosing.
Once their individual personas are created, consumers would be able to use them as their legal "alter ego," even in financial transactions.
"My LLP would have its own mailing address, its own tax ID number, and that's the information I'd give when I'm online," Neuenschwander said.
Other benefits include the ability for "personas" to limit their financial exposure in ways that individuals cannot.
"When you enter into a relationship with a company and give them your personal information, you're at tremendous risk -- and they aren't," he said.
"In the US, certain kinds of personal information aren't treated like property at all. It's very difficult to sue someone for misuse of personal information. And even if you do, they can never give you back your mailing address, your Social Security number or your DNA, for that matter," he said.
But if a company loses or tampers with an LLP's data, "the law allows me to sue them because it's corporate information," Neuenschwander said. "It's digital-rights management," he added, referring to the access control technologies used by publishers and other copyright holders to limit use of digital media, "only you're acting on behalf of your own organization."
Reed agreed.
"Companies use digital-rights management technology to protect their data from us," he said. "But they'd be better off if we used it to protect our data from them."
The EU’s biggest banks have spent years quietly creating a new way to pay that could finally allow customers to ditch their Visa Inc and Mastercard Inc cards — the latest sign that the region is looking to dislodge two of the most valuable financial firms on the planet. Wero, as the project is known, is now rolling out across much of western Europe. Backed by 16 major banks and payment processors including BNP Paribas SA, Deutsche Bank AG and Worldline SA, the platform would eventually allow a German customer to instantly settle up with, say, a hotel in France
On August 6, Ukraine crossed its northeastern border and invaded the Russian region of Kursk. After spending more than two years seeking to oust Russian forces from its own territory, Kiev turned the tables on Moscow. Vladimir Putin seemed thrown off guard. In a televised meeting about the incursion, Putin came across as patently not in control of events. The reasons for the Ukrainian offensive remain unclear. It could be an attempt to wear away at the morale of both Russia’s military and its populace, and to boost morale in Ukraine; to undermine popular and elite confidence in Putin’s rule; to
A traffic accident in Taichung — a city bus on Sept. 22 hit two Tunghai University students on a pedestrian crossing, killing one and injuring the other — has once again brought up the issue of Taiwan being a “living hell for pedestrians” and large vehicle safety to public attention. A deadly traffic accident in Taichung on Dec. 27, 2022, when a city bus hit a foreign national, his Taiwanese wife and their one-year-old son in a stroller on a pedestrian crossing, killing the wife and son, had shocked the public, leading to discussions and traffic law amendments. However, just after the
The international community was shocked when Israel was accused of launching an attack on Lebanon by rigging pagers to explode. Most media reports in Taiwan focused on whether the pagers were produced locally, arousing public concern. However, Taiwanese should also look at the matter from a security and national defense perspective. Lebanon has eschewed technology, partly because of concerns that countries would penetrate its telecommunications networks to steal confidential information or launch cyberattacks. It has largely abandoned smartphones and modern telecommunications systems, replacing them with older and relatively basic communications equipment. However, the incident shows that using older technology alone cannot