June 23, 2003
Trust and Identity Management
InfoWorld has a special feature this week on the relationship between identity management and privacy. Large organizations have a lot of relationships with customers, trading partners, and employees. Furthermore, in a service economy, digital identity matters and those relationships take the form of a collection of records in databases. This makes tools for identity management more important than ever. The problem is that doing it right isn't easy.
This article, entitled "Trusting ID management technology," speaks to some of the privacy issues. Some of the first computers in existence were used by banks and this drive to automate hasn't abated, putting financial institutions at the forefront of this problem. Large numbers of transactions and a natural fit on the web have caused banks to create huge repositories of information about their customers. Unfortunately, this has made the issue of privacy all the more important:
"We see the [privacy] problem getting worse. We see the entire financial industry in the U.S. putting their heads between their knees right now hoping the problem is going to go away," says Jim Hurley, vice president and managing director of information security at Boston-based Aberdeen Group. "These guys better get their heads out of the sand, or they're going to be in trouble."
Another industry in a similar situation and just as much in denial is the health care industry. HIPAA mandates a lot of privacy protection, but there are still a lot of people unsure how to proceed and hoping that it will go away. Good identity management can solve many of the issues HIPAA raises.
Some say that it's the large collections of data that are the problem, but I think that's one of those statements that looks right on the surface but is fatally flawed in practice. The fact is that secure, private identity management isn't a problem that can be solved a million times. If every department of a larger corporation is in charge of making its own small collection of data secure and private, none of it will be. What's more, it ignores one of the prime drivers of large collections: customer demand. Customers increasingly want to be treated "in total" by the organizations they deal with. When I call up and request DSL service from Qwest I want the DSL division to know I'm a phone customer, all the relevant data about me, and that I pay my bills on time. Of course, at the same time I expect them to not get any information they don't need---like my waist size.
There's an interesting relationship between identity, privacy, trust, risk, and security. I don't need much trust in you to supply you with my zip code so you can personalize your online service to my location. I don't expect much privacy and if someone steals your cookie database with my zip code in it, I'm not out much, if anything--low risk. On the other hand, when it comes to my bank, they hold a lot of sensitive information about me. For example, they not only know my bank balance, they also hold the bits that represent that balance--high risk. I expect a much greater degree of privacy from them and they have to work harder to gain my trust. That trust is based, in part, on the wholly unsubstantiated belief on my part that they run a secure operation. Because of my history with them, I believe them secure until proven otherwise. That will only work for the banks until they start having problems.
04:30 PM
Bizarre: Now I'm Headless Nick
The Deseret News is running a piece in anticipation of today's release of the follow-up legislative audit which was ordered last November. As usual, it's full of half-truths, misstatements, innuendo, and bizarre rumors. The funniest is this one:
"Nobody is going to believe that Windley's influence in state government is not being carried out through his friend, Steve Fulling," one IT employee said. "The guy has been gone for seven months, but his ghost is still there. Everyone is still freaked out about Windley."
This kind of rumor isn't new. I think it's funny that these people's world view is so narrow that they actually believe I've got nothing better to do than to continue to run IT in Utah after the State stops paying my salary. Of course, the people feeding these rumors don't really believe I'm still trying to run IT. This is really an attack on Fulling. The more closely Fulling's policies and programs can be tied to me, the more easily they can be discounted without examining their merits. The legislature and the press just play right along.
I do have an interest, as a citizen of the State, in how it's run and a special perspective since I see some things as they really are because of my past position. IT in Utah is screwed up and what's screwed up about it is the way a small group of employees manipulate the system to protect their parochial interests. This summer's issues are nothing more than their continued efforts to ensure that they protect their turf and can ride out the rest of their time at the State with their feet up on their desks instead of doing something productive.
It's pathetic that the administration puts up with it, but these guys have been around for 25-35 years and they know the system. The administration is powerless to stop them so everyone just cringes and hopes they won't be the next target. This group knows how to use anonymous letters to the press and the legislature. They know how to stir the employees up with rumors, even ridiculous ones. They smile in your face and tell you they're with you and then go to a meeting with their peers and stab you in the back. They have some powerful allies. All of this protects an IT organization that is about as dysfunctional as any you could find. This is the borg at its finest.


