It really is not about ownership of identity data
by Eric Norlin, Digital ID World
Wed, 2008-01-09 15:08

A new group has formed around the subject of Data Portability. The genesis of the group really lies in all of the "social graph" talk that's been happening of late. If you haven't had 13 hours a day to follow that story, let me recap: Brad Fitzpatrick (now of Google) and David Recordon (now of Six Apart) wrote a bit of a position paper about how the "social graph" (your personal network and the data on it) should be "open" -- ie, not locked in the silos of whatever Gmail, Yahoo! or MSN account you happen to be using.

Fast forward through a lot of buzz and hype (and Google announcing OpenSocial), and you get to the folks that have put together a working group around "data portability." The idea is essentially the same: you should be able to easily move your data from one silo to another.

In principle, it is, of course, a great idea. And one that I'm sure the blogosphere won't let die easily (they can be a persistent and cantankerous bunch). The problem lies in getting all of the giants (Google, Yahoo!, Facebook, Microsoft, even LinkedIn) to allow this happen, since much of their business model is built *around* silo'ing "your" data. (To be fair, some of those giants have joined this working group and made supportive statements in the past, but still...)

If this group is to move forward, they should begin by learning a lesson from the folks that have been talking identity for a decade: Do not fall into the rabbit hole of "ownership." Of course, this is already happening. Invariably, when you talk about data portability, the libertarian in the geek-o-sphere steps forward to proclaim "ownership" over "their data." In reality, the issue is *never* that black and white. Do I own my name? Probably. Do I own the transaction history that I've incurred during my account tenure with Amazon? Eh - that's a little tougher.

The problem is "ownership." Identity data (or social graph data or whatever) cannot and should not be couched in terms of personal property. It should be thought of in terms of "control" -- I control the ability to move that data. Or in cases where I do not have an absolute right to that control, I have negotiated a relationship of control.

That avenue is one of many shades of gray -- and I suspect the real reason that engineers hate to walk down it: coding shades of gray is an ugly business. Nonetheless, we'll know a lot about the possible success of data portability by whether or not they get "stuck" talking about ownership.

How is this relevant to the C-level tech executive? See my last entry on "consent management" and start preparing for the day that an employee tells you they own some piece of "their data" inside of your firewall.

--Eric Norlin

» read more from Eric Norlin | post a comment
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
* Denotes a required field
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast