By Tanu Sood on Mar 27, 2013
Author: Phil Hunt
On April 4, at 10am Pacific, Oracle Identity Management (@OracleIDM) will be
hosting a Twitter conversation on privacy (#PrivQA). I am pleased to confirm
that the Ontario Commissioner of Information & Privacy, Dr. Cavoukian, will be
joining the conversation. In particular, I would like to encourage privacy and
security industry folks to participate. For more information, see our recent
newsletter Q&A (http://www.oracle.com/us/dm/nsl100162749-qadrcavoukian-1919966.html)
with links to her whitepaper on privacy by design (PbD).
Privacy is an issue that has been of concern to me and many other industry professionals. Most of us continue to be amazed that, for the most part, both users and the application developer community simply do not care. When the subject arises, eyes immediately shut with yawns soon to follow.
Yet, every day, more and more problems emerge in the industry that are leading to monetary and even physical harm. For example, financial fraud appears to be exploding, fuelled by easy access to personal information available on social services. Fraudsters combine social demographic information to leverage weak classic communications media like fax and telephone to convince financial institutions to transfer funds (http://www.fcac-acfc.gc.ca/eng/consumers/fraud/onlinefraud/social/). In another case, access to private information in Google apparently enabled hackers to compromise Mat Honan's Apple accounts, even remotely wiping out his laptop, iPad, and iPhone (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/). Here, where I live in BC, there is the sad story of Amanda Todd, who was bullied to the point that she committed suicide. Was this a lack of privacy? Was there a lack of appropriate anonymity? Was this poor system design? We are only just beginning to understand how far-reaching privacy issues can be.
These cases also show there are some interesting relationships between anonymity, privacy, and security that need further exploration. Do I need to be anonymous? I live an honest life, why do I need to keep my personal information private? Why should I care about anonymity? The system is secure, right? Nobody asks who the security is intended for. What motivates the service providers? What damages do they face in the event of real losses? We are now discovering that while we may have the best of intentions, the fraudsters out there do not. Boring as the subject of privacy may seem, we should all be worried. We should all care.
Dr. Cavoukian's efforts to get our industry to start thinking about Privacy-by-Design are to be applauded. I'm not sure where this will go, but I'm glad this conversation has started. Remember to join in the Twitter conversation on April 4 at 10AM (Twitter hashtag #PrivQA).
About the Writer:
Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc., where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle, where he developed the Kantara Identity Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS, working on federation, authorization (OAuth), and provisioning (SCIM) standards. Phil blogs at www.independentid.com and has the Twitter handle @independentid.