Interesting People mailing list archives
IP: Project Liberty: [risks] Risks Digest 21.72
From: David Farber <dave () farber net>
Date: Tue, 30 Oct 2001 18:55:30 -0500
Date: Tue, 23 Oct 2001 14:17:16 -0400 From: "Jay R. Ashworth" <jra () baylink com> Subject: Project Liberty In last week's Linux Weekly News, there was some preliminary coverage of Project Liberty, an "open" alternative to Microsoft's Hailstorm, which is -- very roughly -- an a attempt to embed Passport into everything on the planet. The short version is: a repository of information about your person, life, and preferences which can be accessed by people and companies you authorise, to provide authentication that you are you, and information about, for example, your purchase default desires (credit-card numbers, which card to use, do you prefer first class or coach, etc). Now, this is, fundamentally, not an especially bad idea. But how it is implemented is -- given the sort of information which it might end up holding -- pretty crucial to your personal privacy: do you want anyone except your doctor and your pharmacist knowing that you have a prescription for protease inhibitors? (Drugs used to control AIDS and related conditions.) You probably don't even want your *health insurer* to know that, even though perhaps you want them to know *other* things about you, and therein lies the major problem: Hailstorm will be run by Microsoft. And we all know how pristine Microsoft's track record is for placing the interests of individuals above that of large corporations off of whom Microsoft makes lots of money. Right? So here comes Project Liberty, an "open" alternative to this. They've not much design done yet, I don't think, so we don't know what *specific* goals PL will be aiming towards. But that's good, because it means that this is the exact time for private individuals to be casting their bets on what they think is important: personal privacy and control are good choices there, IMHO. I know that in our New World, it's almost unpatriotic to be concerned about personal privacy, but you know what? That's a wrongheaded, short sighted, and dangerous outlook to have. Our country became something to be proud of, protect, and defend precisely *because* it attempted to secure such liberties to the people against government control, and corporations should be given no extra leash -- they work for *us*, in the final analysis, just like the government. But the most fundamental tenet of Project Liberty's operation must be, for it to succeed, that it will always favor the desires and interests of those one billion people whose identities it likes to tout it's representation of *over* the interests of the corporations with all the money. >From a design standpoint, it must make it possible to break down your information to a sufficiently fine granularity to allow you to authorize access for someone to only the data which you want them to have... and indeed, to make it as difficult as possible for different providers to cross-correlate the information the hold privately about you with one another. (Why do I get my cablemode service from one company, my wireless Internet from someone else, and my cellphone service from yet another company? Because I *can*, and because it one bill is late, I don't get cut off from all three. Do I want to give that flexibility up? Certainly not.) Ensuring that the provision of the convenience of "single-sign on" won't deprive me of rights and conveniences I now have won't necessarily be easy for the Project Liberty folks. But if they don't do it, and stick to it, then I will not -- and you should not -- give them any more quarter than Microsoft. Regardless of whom they have on their side. Jay R. Ashworth, Member of the Technical Staff Baylink, The Suncoast Freenet Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 jra () baylink com
For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: Project Liberty: [risks] Risks Digest 21.72 David Farber (Oct 30)