Endgame for Cybercrime treaty
David Banisar, special to SecurityFocus 2001-06-04

A few feel-good touches can't redeem the COE treaty, or the closed-door process that produced it.

Totally agreed. 2001-06-04
Mat
Problem 2001-06-05
G-14 Classified <g14 (at) sentry (dot) net [email concealed]>
Endgame on cybercrime treaty 2001-06-05
Don M. Darragh
Mr. Banisar,

Some thoughts on your excellent article.

It wasn't too long ago that Norman Rockwell's pictures confirmed our experiences of life in America. Images of family physicians making house calls. Local pharmacists, policemen, parish priests and neighborhood grocers caring for our wants and needs. All knew us personally. Our distinctly unique personality, needs and preferences. There was a sense of community & relationship. Familiarity. Trust. Based upon shared experience, values and human contact. And while these people often knew the most intimate details of our lives, good and bad, we knew our secrets were safe. There was an implied stewardship of sensitive information with protection for our individuality. Despite possible indiscretions, we slept safe in the knowledge our secrets would not be broadcast for all the world to know. Yes, there was gossip. Idle at best, malicious at worst. Still, only the most heinous or egregious of behavior would cause our being ostracized. Even at the height of the Industrial age, personalization was a fact of life but personalization free of the threat of privacy invasion and loss of identity. There was value attached to that personalization. Value inherent in the very fact of relationship. Value we gladly paid for.

With the advent of the Information Age and our increasingly rapid pace of life, reliance on technology to stay connected and our uprootedness; personalization gave way to mass marketing. The familiar, trusted icons of the past disappeared; replaced by chain stores, franchises & malls staffed with people we didn't know. And couldn't trust. As there was no relationship, value was commoditized and based upon price alone. There was neither time nor tools to teach the giant chains our individual wants and needs. High tech, however, breeds a deep longing for high touch. Low prices & location convenience were nice. But something was missing, the recognition and protection of our individuality and privacy by the very people who served our needs. So, relationships changed. Instead of open, honest discourse based upon shared experience and values, our relationships became adversarial. Based upon transactions and contracts rather than trust.

Now comes the Internet and sophisticated software tools that allow us to monitor, collect and interpret every aspect of our personal and public lives. Organizations recognize the inherent value of relationship and seize upon these tools to re-personalize their relationship with us. To make themselves friendlier and easier to do business with; more trustworthy. Yet, as with all technology, the law of "unintended consequences" appears. What you know about me can be used against me as easily as for me. Technology removes the human interaction "clues" needed for trust. Thus, there is a greater need for protection since the only minority is the individual. And mountains of personal information about me; stored, maintained, mined and controlled by giant organizations pose a serious threat. There's my real identity and my electronic identity (e-ID). In today's world, they're virtually interchangeable (no pun intended). And while exclusive ownership of my unique real identity goes unquestioned, the same cannot be said for my e-ID. If you don't believe this, you have only to review the numerous horror stories regarding theft of a person's e-ID to recognize the essential truth of the matter. The recent case of identity theft of International golf star Tiger Woods is only one of the most dramatic if not exceptional examples.

Rights prevent abuse of power by the majority against the individual. Human nature being what it is, fear, greed and power conspire to misuse the very tools we seek to serve us.

There is protection in the real world for a person's individuality & identity, the US Constitution's Bill of Rights. What's needed is a similar

"Privacy Bill of Rights"

1) Right to establish relationships. (The right to free assembly or forming and joining cyber communities of like minded individuals)

2) Right to keep and bear "arms". (The right to defend my privacy and identity through anonymity and encryption)

3) Right to e-ID exclusive ownership and use unless expressly granted to another. (Morally and ethically only I can own and use my own identity, both real and electronic. Only I can assign that right)

4) Right to freedom from illegal search or seizure of my e-ID. (There is NO such thing as a public e-ID and the fact that companies or governments have "collected and mined" my information does NOT make it theirs)

5) Right to determine when, how and with whom my e-ID is used. ("Express permission only" use is the rule, not the exception. And that permission is on a case by case basis for a designated time and purpose)

6) Right to a speedy and public trial for criminal misuse of my e-ID. (Real courts deliver speedy justice for violation of individual rights, there should be NO difference with e-ID rights)

7) Right to trial by jury for accusations of criminal use of my e-ID. (I receive presumed innocence in the real world, so should I in the electronic world)

8) Right to free and unrestricted e-ID use not constrained by taxes, fines, fees, regulations or unusual bureaucratic encumbrances. (Freedom of movement exists in the real world, it should in the cyber world also)

9) Rights not enumerated for my e-ID are retained by me. (Rights are inherent, not granted. And always changing with the changing nature of the threat. Our founders could not have imagined the nature of threats we face against our personal liberty today. But they well understood the nature of abuse of power by the many against the individual)

10) Rights not expressly given to government are retained by me. (Our U.S. government exists for and by the people. Not in spite of or in contravention to the people)

While organizations and governments may criticize these rights and bemoan the cost or difficulty of adhering to them, I believe a straightforward solution exists. Industry self-regulation is laudable but unlikely, a fox guarding the hen house. Government intervention is probable but most certainly onerous. Like the camel's nose in the tent, we invite government intervention at our own peril. My suggestion? Personal responsibility. The creation of personal e-ID encrypted software. We create our own electronic persona. Soon, with 3D animated face attached, (think holographic photo ID credit cards) similar to the biomechanical modeling of user's photos generating digital personas like those from LifeF/X, Inc., http://www.lifefx.com/. Coupled with biometric fingerprint identity verification at the user's origin (now available integrated with mouse products) and Transactional entitlement like Entegrity Solutions Corp's, http://www2.entegrity.com/ software for the ability to change access rights on the fly by dynamically delivering policies, we can create identities extremely difficult to track and steal.

This persona should reside on each person's PC where organizations and governments would request permission for use. This way, we will know who wants to collect, monitor and use our e-ID, and why.

Link to this comment: http://www.securityfocus.com/comments/articles/213/5828#5828
Insanity. 2001-06-06
_clf3_ (1 replies)
Useful blog 2006-02-23
Nice site
scanning tools 2001-06-06
root66research (at) yahoo (dot) com [email concealed] (1 replies)
Nice blog 2006-02-23
Useful blog
Copyright 2009, SecurityFocus