Posts filed under ‘USA’

Showing us a better way

The UK Government’s competition Show Us a Better Way is living up to its name. The competition is run by the Power of Information Taskforce.

The page About This Competition describes it eloquently:

“The government produces masses of information on what is happening around the UK. Information on crime, on health, on education. However, this information is often hidden away in obscure publications or odd corners of websites. Data tucked away like this isn’t of use to the ultimate owner of that information YOU.”

Refreshingly, the government goes on to say, “We’re confident that you’ll have more and better ideas than we ever will.

The Guardian newspaper, which has been campaigning for freeing up government data since 2006, has been an enthusiastic supporter of the competition. With a decent prize pool of £80,000, there has been plenty of interest with over 450 people entering the contest.

In addition to five ideas that need further work and four prototypes that are already running, the judges have announced the five ideas that will be built:
• Can I Recycle It? : recycling information based on post code
• UK Cycling : planning cycling routes
• Catchment Areas : boundaries of school catchment areas
• Location of Postboxes : nearest one to wherever you are
• LooFinder : a mobile texting or website for the nearest public toilet

The first of these, Can I Recycle It, was the overall winner.

A US-equivalent competition, Apps for Democracy, run by the District of Columbia has pulled in 47 submissions over the 30 days it ran.

Clearly, the idea has international appeal for governments. For New Zealand, there are some key messages:

1. While there are already some very good examples of government agencies freeing up their data, such as Statistics NZ’s, Making More Information Freely Available, doing more can unleash much greater creativity. People will themselves work out what problems to solve, where the opportunities are, and ways to add social and/or economic value.

2. The five ideas that emerged winners are all based on geospatial data. Perhaps this reflects the attractiveness of visualisation and the growing popularity of Google Maps. Geospatial data should therefore get priority attention.

3. Governments aren’t typically associated with competitions and cash prizes but, handled right, they could potentially be a viable way to stimulate interest. And, it’s a great way for people to know what data (including formats) the government already makes available.

4. However, even the success of Show Us a Better Way doesn’t imply that all the underlying issues have been resolved. For example, about the time the winners were announced, the Ordinance Survey (which owns all of UK’s mapping data) sent a reminder that its data was free for non-commercial use only. Worse, it ruled out letting people use its data with Google Maps due to licensing issues. This may stall all the five winning ideas. It’s a reminder that licensing, copyright, and pricing all need to be addressed before data is truly free.

5. Also, there is a need to figure out what ‘free’ actually is. Is it the UK-style freely available or the US-style free of cost?

6. This is also a reminder of the non-rival nature of data and information, i.e. one person’s use doesn’t stop others from also using the same data and information for the same or different purpose. Freeing up data can therefore have a multiplier effect since the marginal benefit of providing an extra unit is the sum of the marginal benefits received by each of the individual users.

To go back to the beginning, the Power of Information review highlighted how “The cost-benefit calculations that historically underpinned what information is collected, who can use it, and how it is paid for are rapidly becoming outdated.”

And that raises some opportunities and challenges that New Zealand needs to seize.

[Original post at]

November 17, 2008 at 10:18 pm 1 comment

The next best thing to the next best thing

From the perspective of a person keen to see identity federation the norm, a single federation protocol is the best thing. That allows a focus on the real challenges of federation- the business and process challenges. It relegates arcane discussions about SAML and WS-Federation to the few people who really want to talk about the nuts and bolts.

In reality, that’s probably unachievable. If nothing else, that was the biggest lesson from the ODF vs. OOXML saga.

The next best thing is true interoperability between protocols with standard products supporting multiple protocols out of the box. This doesn’t take away all the costs, complexity, and risks but is still an acceptable outcome.

The next best thing to the next best thing is a major vendor promising to move towards the next best thing. To that end, Microsoft’s announcement that the beta version of Geneva will not only support SAML 2.0 as a token format but also as a single sign-on protocol is very welcome. Geneva is Microsoft’s future identity platform, replacing ADFS (Active Directory Federation Services).

Specifically, Geneva will support the SAML 2.0 Lite/Web SSO profile. Happily enough, it will also support the US Government’s GSA profile which seems to be an attractive offering for US Government agencies.

So, come 2010 or whatever the usual announcement-to-real world deployment cycle takes, deployers of federation can increasingly focus on benefiting from identity portability rather than the underlying technical challenges.


October 30, 2008 at 12:11 am Leave a comment

Freeing the cyber seas

Thoughts of war have been on mind recently. The seduction of using force to achieve just outcomes. The futility of war, in many cases, failing to make a lasting difference in addressing the root cause.

The US had Memorial Day, a day of remembrance for military men and women who laid down their lives. Over here, NZ has Tribute08, a time for the country to say sorry to our Vietnam Vets and welcome them home after decades.

The price of war shows up in various ways, with neither side spared. An example is the 100+ US soldiers who commit suicide each year. Or, the continuing unwillingness in NZ to really face up to the damage that Agent Orange continues to do to Kiwi Vietnam Vets and their families.

That’s the mindset with which I read the article, Freedom of the Cyber Seas, recently.

It takes us back to the late 18th century, when the Barbary States ruled the Mediterranean- seizing cargo from those vessels not protected by the European powers; extorting ransom from those that had not paid the ‘protection fee.’ For the newly independent America, the policy was to appease the pirates. By 1786, Barbary extortion demands totalled $1 million- one-tenth of the U.S. government’s entire budget at the time.

Thomas Jefferson was a proponent of Dutch jurist Hugo Grotius’ Mare Liberum or “free seas” doctrine published in 1609. Once Thomas Jefferson became President in 1801, true to his words, he sent in a group of American warships. Four years later, culminating in the Battle of Derna, the Barbary States were defeated and “free access to the world’s oceans a fundamental component of U.S. sovereignty” was established.

The authors’ purpose is of course not to give us a history lesson. Rather, it is to draw a parallel with “a new version of the high seas–the cyber seas” that threatens US military and economic interests. They call on the US to abandon the policy of appeasement to keep data flowing through global networks without hindrance.

Fortunately, they aren’t advocating what the US Air Force does, “America needs a network that can project power by building an robot network (botnet)… America needs the ability to carpet bomb in cyberspace to create the deterrent we lack.” They thankfully think that respecting international law is a good thing and recommend “policies, legal frameworks and enforcement mechanisms for Internet commerce and communications.”

Their plan is however not without a hard edge. Inspired by the US war on drugs, “the president also must charge an appropriate federal organization with the charter of patrolling the cyber seas–issuing challenges where necessary and taking proactive defensive action to disrupt organized threats. This organization must work closely with the law enforcement and intelligence communities to identify bad actors and devise strategies to exploit the vulnerabilities associated with online criminal activity.”

Even though this is a very US-centric view of the world, it does raise some interesting thoughts and parallels. What is the world going to do about the modern-day pirates? What is the Internet equivalent of the war with the Barbary States (today’s Russia and Eastern Europe)?

And, finally, the sobering thought that piracy on the high seas was not wiped out by a US victory in the Battle of Derna. Far from it as anyone familiar with piracy in the Malacca Straits.

So, what are we going to do? And will there be a lasting solution?

June 1, 2008 at 10:28 pm 1 comment

When is government a Justifiable Party?

A recent article in CR80News called Social networking sites have little to no identity verification got me thinking about the Laws of Identity, specifically Justifiable Parties, “Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.”

The article itself makes points that have been made before, i.e. on social networking sites “there’s no way to tell whether you’re corresponding with a 15-year-old girl or a 32-year-old man…The vast majority of sites don’t do anything to try to confirm the identities of members. The sites also don’t want to absorb the cost of trying to prove the identity of their members. Also, identifying minors is almost impossible because there isn’t enough information out there to authenticate their identity.”

In the US, this has thrown up business opportunities for some companies to act as third party identity verifiers. Examples are Texas-based Entrust, Dallas-based RelyID, and Atlanta-based IDology. They rely on public and financial records databases and, in some cases, government-issued identification as a fallback.

Clearly, these vendors are Justifiable Parties.

What about the government? It is the source of most of the original information. Is the government a Justifiable Party?

In describing the law, Kim Cameron says “Today some governments are thinking of operating digital identity services. It makes sense (and is clearly justifiable) for people to use government-issued identities when doing business with the government. But it will be a cultural matter as to whether, for example, citizens agree it is “necessary and justifiable” for government identities to be used in controlling access to a family wiki or connecting a consumer to her hobby or vice.” [emphasis added]

So, in the US, where there isn’t a high trust relationship between people and the government, the US government would probably not be a Justifiable Party. In other words, if the US government was to try and provide social networking sites with the identity of its members, the law of Justifiable Parties predicts that it would fail.

This is probably no great discovery- most Americans would have said the conclusion is obvious, law of Justifiable Parties or not.

Which then leads to the question of other cultures…are there cultures where government could be a Justifiable Party for social networking sites?

To address, I think it is necessary to distinguish between the requirements of social networking sites that need real-world identity attributes (e.g. age) and the examples that Kim gives- family wiki, connecting a consumer to her hobby or vice- where authentication is required (i.e. it is the same person each time without a reliance on real-world attributes).

Now, I think government does have a role to play in verifying real-world identity attributes like age. It is after all the authoritative source of that information. If a person makes an age claim and government accepts it, government-issued documents reflects the accepted claim as, what I call, an authoritative assertion that other parties accept.

The question then is whether in some high trust societies, where there is a sufficiently high trust relationship between society and government, can the government be a Justifiable Party in verifying the identity (or identity attributes such as age alone) for the members of social networking societies?

I believe that the answer is yes. Specifically, in New Zealand where this trust relationship exists, I believe it is right and proper for government to play this role. It is of course subject to many caveats, such as devising a privacy-protective system for the verification of identity or identity attributes and understanding the power of choice.

In NZ, igovt provides this. During public consultation held late last year about igovt, people were asked whether they would like to use the service to verify their identity to the private sector (in addition to government agencies). In other words, is government a Justifiable Party?

The results from the public consultation are due soon and will provide the answer. Based on the media coverage of igovt so far, I think the answer, for NZ, will be yes, government is a Justifiable Party.

April 2, 2008 at 10:54 pm 2 comments

US: Admiring the TSA

Blogs and government aren’t a natural fit. The open, bi-directional flow of information in blogs contrasts with the carefully controlled, uni-directional flow of information that governments are typically associated with.

The US Air Force case is the norm. According to Wired, “The Air Force is tightening restrictions on which blogs its troops can read, cutting off access to just about any independent site with the word “blog” in its web address.” Ironically, according to online audits conducted by the US Army, official Defense Department websites post material far more potentially harmful than anything found on soldiers’ blogs.

That’s where the Homeland Security’s Transportation Security Administration (TSA) comes in. TSA is commonly associated with passenger and baggage screening at US airports, a role that is hardly going to endear them to most people. There has been any number of criticisms over their operations, not the least of which is indulging in security theatre.

It’s probably the last organisation that you’d think of running a blog. Not only do they have a blog, they have a great, open blog. The stated purpose is “to facilitate an ongoing dialogue on innovations in security, technology and the checkpoint screening process.”

For TSA it is reasonable to have a moderated blog and certainly their Comment Policy is both sensible and fair. Still, it would be justified for people to be a bit cynical about just how open the TSA’s blog would be to comments.

Yet, they are. Take the case of their latest post The Truth Behind the Title: Behavior Detection Officer. It has attracted 90 comments so far, most of which are far from complimentary. A typical pithy one is, “This program is a complete waste of time and money. I can’t believe we’re paying for this.”

Others provide more measured criticism (“TSA, what’s the false hit rate for this program?”) and a few are supportive.

Despite a lot of justified criticism against the TSA, I’ve got to, reluctantly, praise them for their willingness to engage with people openly. In my book, that’s admirable.

March 4, 2008 at 11:33 pm 5 comments

The power of choice

Over the past few days, the topic of choice has coincidentally come up several times. I mean real choice, not something compulsory dressed up as choice.

My favourite example of “no choice” choice is the I-94W form. People from Visa Waiver countries, such as New Zealand, fill this up on arrival in USA. It’s got a beauty in the fine print, “I hereby waive any rights to review of appeal of an immigration officer’s determination as to my admissibility, or to contest, other than on the basis of an application for asylum, any action in deportation.” Why have laws that give people rights and then ask them to sign a form giving up those rights as a pre-condition to accepting the form? Do I really have a choice?

No, the kind of choice I’m talking about is the personal details that people choose to disclose in social networking sites. People choosing to get chipped to avoid the hassle of carrying a security card to enter a work site. The kind of free choice associated with appearing on a reality show or those mid-morning talk shows.

The point is that if these people had no choice, if a thing is mandatory, then there would be a massive violation of their privacy. So, consideration of choice is central to privacy.

That makes it a target for subversion, such as the US example. There are also issues of informed choice, applying one’s mind, and allowing for people to make different choices.

The centrality of choice was highlighted in the The Economist’s Special Report on identity, “Identity Parade.” The article makes the important point that “The hard lesson for governments is that citizens will adopt technology when it is both optional and beneficial to them, but resist it strenuously when it is compulsory, no matter how sensible it may seem.”

An example used in the article is the choice people make for the sake of convenience when entering Dubai, “Ask the average traveller from a developed country whether he would like to be fingerprinted by an authoritarian regime and have the results stored indefinitely in its computer, and he will probably say no. But when such procedures save time, scruples go out of the window.”

Making something compulsory triggers a mindset of overcoming a hurdle. Making it opt-in gets people making conscious or unconscious evaluation of costs, benefits, and risks.

And that is the power of choice.

February 29, 2008 at 10:04 pm 4 comments

NZ: how big is identity theft?

Just how big a problem identity theft is in New Zealand has been a barren debate so far. In the absence of official statistics and research, the debate has largely been opinions vs. extrapolation of overseas data.

That makes the report “The Experience of E-Crime, Findings from the New Zealand Crime and Safety Survey 2006” for the Ministry of Justice very welcome even though it seems to only cover a sub-set of the wider identity theft and identity fraud problems.

A nationally representative random sample of 5,400 people was surveyed between February and June 2006. Chapter 4 of the report presents the findings on identity theft in two categories:

– Of card users, 2.3% said that somebody had used a credit, bank or debit card or card number, without permission, to steal from them.

1.1% reported that someone had misused personal information about them to obtain new credit cards or loans, run up debts, open other accounts, or otherwise commit theft, fraud, or some other crime.

– Overall, 2.8% reported that one or the other of the two forms of identity theft they were asked about had occurred once or more and 0.4% of respondents reported both forms of identity theft.

Now, 2.8% extrapolated to the NZ population equates to about 93,000 people aged 15 or more that have suffered from credit card fraud or identity fraud during the January 2005 to June 2006 period.

It is interesting to see how this compares with results from other countries.

However, a great deal of caution is required due to the differences in terminology and the varying definitions of identity theft / identity fraud. In fact, the NZ Police website has a good, clear differentiation between identity theft and identity fraud.

Various reports from the US put the number of US adult victims of identity fraud in the region of 8.5-9 million in 2007. This amounts to about 3.2% of the US population aged 15 or more which isn’t drastically different than the 2.8%.

The 2006 KPMG Fraud Survey however tells a different story from the perspective of NZ and Australia businesses:

– 61% of respondents believed fraud was a major problem for business.

– Amongst 2,146 of Australia and New Zealand’s largest organisations across the public and private sectors, respondents reported 546 cases of identity fraud.

So, if about 3% of the country’s adult population is a victim of identity theft each year and 3 out of 5 large organisations believe it is a major problem, is it a problem that is a priority to address? I believe it is.

February 8, 2008 at 11:39 pm 5 comments

Older Posts

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter