RIP David Foster Wallace

I really enjoy David Foster Wallace’s writing: the short stuff and the long stuff.  Dead, apparently at his own hand, his writing genius is no longer among us.  Rest well David.

I didn’t really like the title of this post and thus I changed it.  I never really got the sense that DFW was toying with his readers and laughing as they struggled through his works.  That being said I do feel like he had a real sense that his readers were out there nearly close enough to touch.

Currently, McSweeney’s is collecting people’s memories and stories about his.  Check it out.

Sense of humor in the iPhone dev team

I am updating my iPhone to 2.1 and just saw the following scroll by in the logs:

MobileDevice: AMDeviceConnect: This is not the droid you’re looking for.  Move along, move along

This combined with the return of PhoneSaber is too much geekery for one day.

Thinking about Matt’s Simple Question: Correlating accounts and people

Matt Hamlin, over at Sun, mentioned a conversation we had last week about a topic in identity management which doesn’t usually get a lot of airtime: the correlation of accounts to people.  The exercise is the first step in answering Matt’s simple question of “Who has access to what?”  Matt writes:

This step is the foundation for Access Certification, Role Mining, Entitlements Management, Policy Evaluation, Identity Auditing, and numerous other custom services developed by our customers.

There were two major omissions in his list: password management and user provisioning.  The reality is the correlating of accounts to people is a requirement for all identity management exercises.  This correlation isn’t glamorous work and isn’t a one time affair.  None the less, it is crucial “Identity Gold” for identity management projects, but also as the foundation for risk mitigation exercises as well.

Here’s a tip to enterprises out there – ask your software vendors and deployment teams what capabilities they have to help facilitate this correlation.  Ask early and before you start down the path of an identity project.  Make it an on-going process governed by your overall identity management program.

I’ll be touching on this a bit in an upcoming Telebriefing I am doing.  On October 1st and 2nd, I’ll be giving a sneak peak of my research on access certification and will cover this and other topics.  If you are a Burton Group subscriber, you should check it out.  If you aren’t a BG customer, you should become one.  😉

Trip report from the Privacy Symposium

This is a cross-post from Burton Group’s Identity Blog.

BTW, I am moderating a panel at Defrag. If you use “ig1” as a registration code, you get $200 off the registration fee. Hope to see you there!

A few weeks ago I was up in Cambridge at the Privacy Summer Symposium.  Gathered together on Harvard’s campus were a collection of lawyers, activists, government officials, and privacy officers discussing various aspects of privacy.  It was certainly a bit of a change for me to be in a non-tech heavy conference.  Besides hearing people like the chairman of the FTC, William Kovacic, speak, I got to witness the launch of EPIC’s Privacy ’08 campaign.  Further, I got to hear Jeffery Rosen share his thoughts on potential privacy “Chernobyls,” events and trends that will fundamentally alter our privacy in the next 3 to 10 years.

Privacy Chernobyl #1 – Targeted Ads

We’ve already seen enough concern over targeted ads to trigger Congressional hearings.  The Energy and Commerce Committee in the House has been asking ISPs and advertising providers to answer questions as to how they track and use clickstream data. Not be left out, the EU has notified the UK that it must respond to an inquiry whether the Phorm system violated EU data privacy laws.  From NebuAd to Phorm to DoubleClick and beyond, targeted ads are getting more and more targeted.  The real concern for Rosen is the downstream use of the collected clickstream data.  For example, my ISP may not directly do anything overly odious with the information about which sites I visit, but if they sell that information, the 2nd and 3rd generation data users may bit a more nefarious.

Privacy Chernobyl #2 – Personally identifiable search term leak

The knowledge of who I am and what I search for can be used in a variety of ways: from serving voyeuristic desires to putting me in a compromising situation.  Without being able to provide the context for the searches, I could be judged by a people like a potential employer, dating service, or insurance provider unfairly, and these judgments can have a real impact on my life.  As YouTube has to disclose data for its court case, I have to imagine there are some people who really don’t want identifiable searches being disclosed into the public record.  As more and more of our web browsing is search driven, the potential impact of this problem will only grow.

Privacy Chernobyl #3 – Unexpected data exposure on Facebook

There are two concerns to this issue.  The first concern is one that Rosen categorized as data exposure in unexpected ways.  I may have tailored my Facebook profile’s privacy settings to what I think strikes a decent balance between my desire to connect to people and maintaining some level of privacy.  But what is unclear is how Facebook application developers are using my data, including clickstream data.  I don’t expect to hear a friend tell me that I “friended” a product whose ad appeared in Facebook for her, and I certainly never want to hear that this has happened.

Continue reading “Trip report from the Privacy Symposium”