Wednesday Mar 27, 2013

Why You Should Care About Privacy

Author: Phil Hunt

On April 4, at 10am Pacific, Oracle Identity Management (@OracleIDM) will be hosting a twitter conversation on privacy (#PrivQA). I am pleased to confirm that the Ontario Commissioner of Information & Privacy, Dr. Cavoukian will be joining the conversation. In particular, I would like to encourage privacy and security industry folks to participate. For more information, see our recent newsletter Q&A ( with links to her whitepaper on privacy by design (PbD).

Privacy is an issue that has been of concern to myself and many other industry professionals. Most of us continue to be amazed that for the most part, both users and the application developer community simply do not care. When the subject arises, eyes immediately shut with yawns soon to follow. 

Yet, every day, more and more problems emerge in the industry that are leading to monetary and even physical harm. For example, financial fraud appears to be exploding fuelled by easy access to personal information available on social services. Fraudsters combine social demographic information to leverage weak classic communications media like fax and telephone to convince financial institutions to transfer funds ( In another case, access to private information in Google, apparently enabled hackers to compromise Mat Honan's Apple accounts, even remotely wiping out his laptop, iPad, and iPhone ( Here, where I live in BC, there is the sad story of Amanda Todd, who was bullied to the point, she committed suicide. Was this a lack of privacy? Was there a lack of appropriate anonymity? Was this poor system design?  We are only just beginning to understand how far reaching privacy issues can be.

These cases also show there are some interesting relationships between anonymity, privacy, and security that need further exploration. Do I need to be anonymous? I live an honest life, why do I need to keep my personal information private? Why should I care about anonymity? The system is secure right? Nobody asks who is the security intended for. What motivates the service providers? What damages do they face in the event of real losses? We are now discovering that while we may have the best of intentions, the fraudsters out there do not. Boring as the subject of privacy may seem, we should all be worried. We should all care.

Dr. Cavoukian's efforts to get our industry to start thinking about Privacy-by-Design are to be applauded. I'm not sure where this will go, but I'm glad this conversation has started. Remember to join in the twitter conversation on April 4 at 10AM (Twitter hashtag #PrivQA).

About the Writer:

Phil Hunt joined Oracle as part of the November 2005 acquisition of OctetString Inc. where he headed software development for what is now Oracle Virtual Directory. Since joining Oracle, Phil works as CMTS in the Identity Standards group at Oracle where he developed the Kantara Identify Governance Framework and provided significant input to JSR 351. Phil participates in several standards development organizations such as IETF and OASIS working on federation, authorization (OAuth), and provisioning (SCIM) standards.  Phil blogs at and a Twitter handle of @independentid.

Virgin Media Webcast Tomorrow

A quick reminder that tomorrow (Thursday, March 28) at 10 am PDT / 1 pm EDT, experts from Virgin Media, implementation partner aurionPro SENA and Oracle will discuss how Virgin Media successfully enabled secure wi-fi services in London Underground in time for the London Olympics 2012.

Join the webcast to hear hear how Virgin Media, the UK’s first combined provider of broadband, TV, mobile, and home phone services, used Oracle Identity Management, Oracle Virtual Directory, and Oracle Entitlements Server to leverage back-end legacy systems for the project, systems that were never designed to be externalized.

You’ll learn how Virgin Media:

  • Transformed the London Underground deployment into a platform for authorizing other services
  • Reused Oracle Entitlements Server and Oracle Virtual Directory for authorizing customers to view video-on-demand content on their Virgin Media set top boxes
  • Expanded to deliver true place-shifting—allowing subscribers to watch pay-per-view assets from any device, anywhere

As you continue to embrace mobile and social, Oracle Identity Management will become even more important, enabling interaction and securing the experience. Join us and find out how.

Register now for this Webcast, “Virgin Media Takes Identity Management Underground.”

Experts will be at hand to take your questions live. You can also submit the questions via twitter. Direct those to @OracleIDM using #IDMtalk

Webcast:Virgin Media takes Identity Management Underground
Thurs., March 28, 2013
10 a.m. PT / 1 p.m. ET


Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.


« March 2013 »