I was looking at a NYT article titled Big Data is Opening Doors, but Maybe Too Many. The article discusses some of the unintended uses that the metadata and derived context information and privacy. In particular it talks about its use by the insurance industry…
While reading it, I had to laugh a bit about the "deep fat fryer" search example in the article.
“But to a data miner, tracking your click stream, this hunt could be read as a telltale signal of an unhealthy habit — a data-based prediction that could make its way to a health insurer or potential employer.”
If the search was taking place in the southern part of the US and there was concerned about people looking up topics like frying, they would be totally overwhelmed by the expectation of frying expertise. That doesn't mean that people fry every day, but knowing how (and possibly even being interested in the topic) is an expectation of life.
Being able to understand what is "normal" vs. aberrant behavior is a society issue. I am pretty sure what goes on in many of the big cities and considered normal behavior is defined as rude in rural areas (and vice versa). If insurance companies start using the information like this, it may turn out they turn into specialists for certain societies. If they do, they do – that’s why there is room for competition. This type of risk analysis is at the core of why insurance exists, to deny that insurance is based on the statistcal analysis of behavior is... interesting.
The use of big data techniques can definitely be used to classify and categorize (put structure upon) sets of “unstructured” information, including things like behavior. Let’s hope data scientists can get beyond coloring the analysis with their personal bias.
I found the ITworld article on Four reasons why Do Not Track turned into Do Not Trust an interesting view of the current issues of the “free” internet vs. tracking user behavior (privacy). The Jonathan Mayer article that was referenced Tracking the Trackers: Where Everybody Knows Your Username provides a good overview of some of the techniques that are used to track – even though you as a user didn’t specifically share the information.
It was a few years ago I first did a blog entry on the issue of web tracking. In a way it appears there has been much posturing, but not much progress – except for those doing the tracking who are learning how to track us better every day.
For IT organizations, this issue may come to a head in the near future. Internet business models may need to change, with the possibility of a multi-tiered system based on how much people are willing to pay and how much privacy they are willing to give up. Understanding what your sites are tracking and how it is being used will help you prepare for responding to future issues and legislation.
I will be giving a local government future vision presentation in Arlington, TX next week and one of the areas I’ll touch on is Bring Your Own Device.
My view is that BYOD is coming, not just for their employees but for citizen centric government. It is not a choice but something to prepare for and plan around. Organizations need to review their systems and processes to enable everyone and everything to be connected in a way that is secure yet available anywhere, anytime. Look for opportunities to converge services, connecting them in ways that still support enterprise-class controls.
To be successful, efforts like BYOD need to have defined expectations and metrics. This will allow the effort, the organization, and even the employees to be more agile, since adjustments can be made earlier either to the requirements or the expectations. An incremental approach is going to be required, since one wants or can survive change that is too drastic.
As companies and governments embrace BYOD, content management is critical. After all BYOD is not about devices, but about the information to which the devices will have access. Everyone still has a responsibility to comply with the license terms of their software, protect IP and privacy, meet legislated requirements, and minimize threats to operations. The focus needs to shift away from traditional approaches and move toward personalization and persona management. By using personas, organizations can focus on the devices they own and the information that needs to be protected.
Employees expect their systems to support them with instant results and immediate gratification. Organizations expect the technologies they adopt to provide measurable opportunities and advantages over the way the work was accomplished in the past. BYOD is a banner that employees, constituents and their organizations can stand behind. It is part of a wider range of technology shifts that are underway, that I'll hopefully be able to cover in the session.
I was asked by a co-worker about the top 10 technologies of the decade. I thought about it a bit and came up with nine:
- GPS – Global Positioning devices make it possible to track everything from your car to your dog. It has been incorporated into numerous devices, including almost every mobile phone sold and is now being used it business as well as personal lives.
- Home broadband – Although dialup network connections to the Internet were popular since the 90s, the ability to have a high speed connection to the home was the springboard for social networking. It’s changed the way people find information about everything from current events to how they are going to entertain themselves tonight.
- Genomics – Although the human genome project was completed early in the last decade, the ripple effects will be felt for decades to come as the triggering mechanisms for genes are understood and adjusted, changing some areas of healthcare at a fundamental level. As we live longer, we have a greater chance of needed the outcome of this research as chronic illness becomes normal.
- Memristor – This is an area of research where HP created a new fundamental electronic device that was only theoretically possible. Its impact may not be apparent yet but memristor-based technology has broad applications from static memory to logic circuits and will change computing and electronics for decades to come.
- On demand multimedia – The capabilities of broadband in the home has allowed for the movement of video and audio from CDs and DVDs to streaming. The ability to access almost any content at any time has changed entertainment and how it is provided by both professionals and amateurs and has almost eliminated structuring our lives around when content is available.
- Wireless mobile networking – Although there was some wireless networking available before 2001, the advent of wireless access to the Internet through 2G, 3G and now 4G capabilities has had at least as much impact as broadband networking. It has changed the way people spend their leisure time and settled many arguments before they could start.
- Social Networking – Broadband and wireless networking have changed how people interact at a fundamental level. It is now possible to know where someone is as well as what they’re doing on a moment by moment basis – changing the very definition of privacy.
- Materials – The use of carbon fiber and other new materials have changed the way products are created, making them stronger, lighter and more resilient. These technologies have changed the way products are built and perform ranging from airplanes to swimsuits.
- Nanotech – This innovation is the ability to manipulate matter on the atomic scale. Carbon nanotubes are one example of nanotech and they are working their way into objects ranging from electronics to healthcare and materials. Since materials behave differently at the nano-scale, research in this area allows for modification of fundamental characteristics like hardness, color, conductivity and chemical behavior. This area of research will change nearly every industry in the coming decades. HP is doing research at using nanotech to create new chemical sensing technologies.
What one would you add?
One of the standards that seems to be getting more attention lately is part of the National Strategy for Trusted Identities in Cyberspace (NSTIC).
The standard is about a voluntary system for business and government to provide authentication services. The idea of on-line identity is something the IT industry has been wrestling with for decades and this is an attempt at a unified approach.
The Internet has become indispensable for most, and is now crucial to commerce as well as social connections. It is used to support just about everything we do, yet the security structures have made only minor improvements in decades.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is trying to enable a cyber world - the Identity Ecosystem - that improves upon the passwords currently used to log-in online. It allows people to choose among multiple identity providers - both private and public - that would issue trusted credentials that prove identity to the extent necessary for particular situations. Some of the stated benefits are:
- “Faster: Once you use your credential to start an online session, you would not need to use separate usernames and passwords for each Web site. For example, your computer or cell phone could offer your "trusted ID" to each new site where you want to use the credential. The system would work much like your ATM card works now. By having the card and a PIN you can use your ATM card all over the world. By having a credential and a password you would be able to use your trusted ID at many different sites. This saves you time while enhancing security. No more searching in your drawer for your list of passwords.
- More convenient: Businesses and the government will be able to put services online that have to be conducted in person today like transferring auto titles or signing mortgage documents.
- Safer: Your trust credential will foil most commonly used attacks from hackers and criminals, protecting you against theft and fraud, safeguarding your personal information from cyber criminals.
- Private: This new "identity ecosystem" protects your privacy. Credentials share only the amount of personal information necessary for the transaction. You control what personal information is released, and can ensure that your data is not centralized among service providers.
- Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security. “
These can be summarized in the four guiding principles of the standards effort:
1. "Identity solutions will be privacy-enhancing and voluntary
2. Identity solutions will be secure and resilient
3. Identity solutions will be interoperable
4. Identity solutions will be cost-effective and easy to use"
Most businesses should begin to familiarize themselves with this security standards effort, since there are features useful to almost any industry (like healthcare). There may be other standards coming, but the issues here are useful to understand.