IP: Project Liberty: [risks] Risks Digest 21.72

[David Farber <dave () farber net>]

> Date: Tue, 23 Oct 2001 14:17:16 -0400
> From: "Jay R. Ashworth" <jra () baylink com>
> Subject: Project Liberty
>
> In last week's Linux Weekly News, there was some preliminary coverage of
> Project Liberty, an "open" alternative to Microsoft's Hailstorm, which is --
> very roughly -- an a attempt to embed Passport into everything on the
> planet.
>
> The short version is: a repository of information about your person, life,
> and preferences which can be accessed by people and companies you authorise,
> to provide authentication that you are you, and information about, for
> example, your purchase default desires (credit-card numbers, which card to
> use, do you prefer first class or coach, etc).
>
> Now, this is, fundamentally, not an especially bad idea.
>
> But how it is implemented is -- given the sort of information which it might
> end up holding -- pretty crucial to your personal privacy: do you want
> anyone except your doctor and your pharmacist knowing that you have a
> prescription for protease inhibitors?  (Drugs used to control AIDS and
> related conditions.)
>
> You probably don't even want your *health insurer* to know that, even though
> perhaps you want them to know *other* things about you, and therein lies the
> major problem:
>
> Hailstorm will be run by Microsoft.
>
> And we all know how pristine Microsoft's track record is for placing the
> interests of individuals above that of large corporations off of whom
> Microsoft makes lots of money.  Right?
>
> So here comes Project Liberty, an "open" alternative to this. They've not
> much design done yet, I don't think, so we don't know what *specific* goals
> PL will be aiming towards. But that's good, because it means that this is
> the exact time for private individuals to be casting their bets on what they
> think is important: personal privacy and control are good choices there,
> IMHO.
>
> I know that in our New World, it's almost unpatriotic to be concerned about
> personal privacy, but you know what?  That's a wrongheaded, short sighted,
> and dangerous outlook to have.  Our country became something to be proud of,
> protect, and defend precisely *because* it attempted to secure such
> liberties to the people against government control, and corporations should
> be given no extra leash -- they work for *us*, in the final analysis, just
> like the government.
>
> But the most fundamental tenet of Project Liberty's operation must be, for
> it to succeed, that it will always favor the desires and interests of those
> one billion people whose identities it likes to tout it's representation of
> *over* the interests of the corporations with all the money.
>
> >From a design standpoint, it must make it possible to break down your
> information to a sufficiently fine granularity to allow you to authorize
> access for someone to only the data which you want them to have... and
> indeed, to make it as difficult as possible for different providers to
> cross-correlate the information the hold privately about you with one
> another.  (Why do I get my cablemode service from one company, my wireless
> Internet from someone else, and my cellphone service from yet another
> company?  Because I *can*, and because it one bill is late, I don't get cut
> off from all three.  Do I want to give that flexibility up?  Certainly not.)
>
> Ensuring that the provision of the convenience of "single-sign on" won't
> deprive me of rights and conveniences I now have won't necessarily be easy
> for the Project Liberty folks.
>
> But if they don't do it, and stick to it, then I will not -- and you should
> not -- give them any more quarter than Microsoft.  Regardless of whom they
> have on their side.
>
> Jay R. Ashworth, Member of the Technical Staff Baylink, The Suncoast Freenet
> Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 jra () baylink com


For archives see:
http://www.interesting-people.org/archives/interesting-people/