Posts filed under ‘Web_2.0’

Street View is here

Thank you, oh Google God, for giving us our Street View. We have been waiting for your bounty and you’ve delivered.

Om Tat Sat Paravastu. This is a Hindu prayer that, back in my boarding school days, we were required to say before every meal. On the rare occasion that there was a special spread of good stuff, the boys would say the prayer with some real feeling before jumping in.

And Street View has a spread of good stuff.

Like many others, first thing to look at was our house. No laundry; grass cut; nothing special. Check. Next, the office. Nothing to embarrass me. Check. Onto the goodies. So many things to look at, so little time. A good one is Lake Wakatipu in Queenstown, one of the best holiday places ever.

The Street View of our house has our car prominently featured. Zooming in, I couldn’t make out the numbers on the licence plate. So I “drove” through the Mount Vic tunnel. The angle for looking at licence plates is perfect. But, true to their word, it isn’t possible to make out the licence plates.

Indeed, Google has handled the privacy angle really well. They seem to have learned from previous experiences of privacy concerns with Street View in other countries.

Google got the basics right, such as blurring faces and providing an easy tool for people to report inappropriate images. For good measure, they also got an endorsement from the Privacy Commissioner. And the media help set expectations by quoting John Edwards as saying, “under New Zealand law, people did not have a reasonable expectation of privacy while in public.”

The enormity of photographing an entire country and making it freely available is staggering. Stuff on this scale, and that too with enormous public good benefits, is associated with governments, not ten year old companies.

So I thought the kids would be blown away. Nah, they were disappointed that the images weren’t real-time. God, are you listening?


December 2, 2008 at 10:25 pm 7 comments

Showing us a better way

The UK Government’s competition Show Us a Better Way is living up to its name. The competition is run by the Power of Information Taskforce.

The page About This Competition describes it eloquently:

“The government produces masses of information on what is happening around the UK. Information on crime, on health, on education. However, this information is often hidden away in obscure publications or odd corners of websites. Data tucked away like this isn’t of use to the ultimate owner of that information YOU.”

Refreshingly, the government goes on to say, “We’re confident that you’ll have more and better ideas than we ever will.

The Guardian newspaper, which has been campaigning for freeing up government data since 2006, has been an enthusiastic supporter of the competition. With a decent prize pool of £80,000, there has been plenty of interest with over 450 people entering the contest.

In addition to five ideas that need further work and four prototypes that are already running, the judges have announced the five ideas that will be built:
• Can I Recycle It? : recycling information based on post code
• UK Cycling : planning cycling routes
• Catchment Areas : boundaries of school catchment areas
• Location of Postboxes : nearest one to wherever you are
• LooFinder : a mobile texting or website for the nearest public toilet

The first of these, Can I Recycle It, was the overall winner.

A US-equivalent competition, Apps for Democracy, run by the District of Columbia has pulled in 47 submissions over the 30 days it ran.

Clearly, the idea has international appeal for governments. For New Zealand, there are some key messages:

1. While there are already some very good examples of government agencies freeing up their data, such as Statistics NZ’s, Making More Information Freely Available, doing more can unleash much greater creativity. People will themselves work out what problems to solve, where the opportunities are, and ways to add social and/or economic value.

2. The five ideas that emerged winners are all based on geospatial data. Perhaps this reflects the attractiveness of visualisation and the growing popularity of Google Maps. Geospatial data should therefore get priority attention.

3. Governments aren’t typically associated with competitions and cash prizes but, handled right, they could potentially be a viable way to stimulate interest. And, it’s a great way for people to know what data (including formats) the government already makes available.

4. However, even the success of Show Us a Better Way doesn’t imply that all the underlying issues have been resolved. For example, about the time the winners were announced, the Ordinance Survey (which owns all of UK’s mapping data) sent a reminder that its data was free for non-commercial use only. Worse, it ruled out letting people use its data with Google Maps due to licensing issues. This may stall all the five winning ideas. It’s a reminder that licensing, copyright, and pricing all need to be addressed before data is truly free.

5. Also, there is a need to figure out what ‘free’ actually is. Is it the UK-style freely available or the US-style free of cost?

6. This is also a reminder of the non-rival nature of data and information, i.e. one person’s use doesn’t stop others from also using the same data and information for the same or different purpose. Freeing up data can therefore have a multiplier effect since the marginal benefit of providing an extra unit is the sum of the marginal benefits received by each of the individual users.

To go back to the beginning, the Power of Information review highlighted how “The cost-benefit calculations that historically underpinned what information is collected, who can use it, and how it is paid for are rapidly becoming outdated.”

And that raises some opportunities and challenges that New Zealand needs to seize.

[Original post at]

November 17, 2008 at 10:18 pm 1 comment

Anonymous, an Internet meme

On the Internet, Anonymous has become a badge, a group, an idea. It’s all a bit nebulous really. It could quickly just fizzle out. On the other hand, it might just be the start of something new, something big, an emergent phenomenon.

Let’s start with meme. According to Wikipedia, a meme is an “idea or behaviour that can pass from one person to another by learning or imitation.” Examples of memes include ideas, theories, practices, fashions, habits, etc. The word was coined by Richard Dawkins in 1976 that has caught on as “a convenient way of discussing a piece of thought copied from person to person.”

Next, Internet memes. Again, according to Wikipedia, an Internet meme is “used to describe a catchphrase or concept that spreads quickly from person to person via the Internet.” There is a very interesting timeline of Internet memes that has some of the great viral distractions that the Internet has spawned. Have a look but be warned that it can hook you for hours. Like George Bush and Google. Or, the Star Wars political commercial.

Most people are familiar with the use of anonymous as a default name for a person on the Internet whose identity is unknown. Post a comment without identifying yourself and it’s likely to be accredited to anonymous.

But then anonymous began emerging as Anonymous, a sort of an in-joke. Many people think it originated from the site 4chan, an image-based bulletin board where anyone can post comments and share images anonymously. Definitely not for the faint-hearted. Almost anything is acceptable. That’s led to a clique with their own language, norms, jokes, values… culture?

In turn, that’s led to a movement on the Internet, perhaps one that can be best described as an Internet meme.

In an often-quoted article in the Baltimore City Paper called Serious Business, “anons” are linked with repeated attacks on the Church of Scientology, called Project Chanology, “a battle that pits an anarchic, leaderless group of mostly young and tech-savvy activists organized through online forums and chat rooms against a religion formed in the 1950s whose adherents believe a science-fiction writer laid down the course to world salvation.”

Their words are ominous, “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”

Anonymous has been linked with more attacks. Such as a DDoS attack on the SSOH (Support Online Hip Hop) website; even the attack on Republican vice presidential candidate Sarah Palin’s personal Yahoo! Mail email account.

Anonymous has now become a movement, a moniker for a wide range of leader-less groups, from fringe elements on a path of reckless destruction to activists united in a sort of superconsciousness.

It could amount to nothing, a passing ripple in Internet history. Or, it could also become something far more potent, such as a rallying cry for the anti-establishment, a new breed of cyber-vigilantes.

In many ways, Anonymous is the child of the Internet. Do we get the children we deserve?

September 25, 2008 at 11:59 pm Leave a comment

Esther Dyson on privacy

With so much happening around the world- the financial markets, politics, rugby (Union and League) – it seems terribly mundane to be writing about identity and privacy issues. C’est la vie!

It’s interesting to see that a leading magazine such as Scientific American focus on The Future of Privacy as the theme for its September issue. Another sign of privacy becoming a mainstream issue.

There seems to be a lot of interesting articles but the one that I picked first was How Loss of Privacy May Mean Loss of Security. Besides the title, what drew me was that the author is Esther Dyson. What’s so special about her? Lots of stuff that you can Google but the one fascinating fact is that, for the Personal Genome Project, she and nine other people will post their full genome sequences and accompanying health information online.

She remarked that “I was recently in the market for health insurance. I asked my insurance broker if he would like a copy of my genome, and he politely declined.”

Undoubtedly a person who’s going to have some radical views about privacy…and the article has some gems.

For example, perhaps linked to the above, her view is that “the coming flood of medical and genetic information is likely to change the very nature of health insurance.” She doesn’t see this as requiring a privacy trade-off. Instead, she believes the problem is making cheap and plentiful health insurance available balanced by “mandating subsidies paid by society to provide affordable insurance to those whose high health risks would otherwise make their insurance premiums or treatment prohibitively expensive.”

Hmmm…so how is cheap and plentiful health insurance actually going to be made available in the first place?

She asks the question “What is the best way to limit government power?” The answer seems hard to swallow, “Not so much by rules that protect the privacy of individuals, which the government may decline to observe or enforce, but by rules that limit the privacy of the government and of government officials.”

Another suggestion seems better, “We should be able to monitor what the government does with our personal data and to audit (through representatives) the processes for managing the data and keeping them secure.”

On information privacy in general, while not new, she puts it elegantly, “Much of the privacy that people took for granted in the past was a by-product of friction in finding and assembling information. That friction is mostly gone.”

She goes on to say that, “Rather than attempting to define privacy for all, society should give individuals the tools to control the use and spread of their data.” Disappointingly, the tools she praises are the very limited access controls that Facebook and Flickr provide.

If that’s the best tools we’re going to get, I think we’ve got a long, long way to go before loss of privacy isn’t a mainstream issue any longer!

September 17, 2008 at 11:01 pm Leave a comment

Semantic Web & OAuth

I must confess that for a long time I never got this semantic web thing. Now, with the zeal of the recently converted, I see possibilities everywhere.

Part of the reason it took time was an automatic reaction against something being called Web 3.0 (or is it 4.0?). I’m still trying to really understand Web 2.0. Learning about the next big thing could always wait.

Another reason was how early enthusiasts described the semantic web. Calling it the machine readable web doesn’t even begin to make sense.

As far back as 1999, Tim Berners-Lee in Weaving the Web said, “I have a dream for the Web [in which computers] become capable of analyzing all the data on the Web – the content, links, and transactions between people and computers. A ‘Semantic Web’, which should make this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The ‘intelligent agents’ people have touted for ages will finally materialize.”

Now that’s visionary. Even today, I’m barely beginning to understand that vision.

Thankfully, and perhaps ironically, the very Web 2.0 service Slideshare has some presentations that explain things in a way that we mere mortals can understand. My first pick are the two presentations from Freek Bijl- the first one covers the basics and the second one the technologies. Another one is from Marta Strikland called The Evolution of Web 3.0. This has a great Web 3.0 Meme Map on slide 15 and a comparative list of Web 2.0 and 3.0 on slide 27.

Being more of a graphics person, the final aha came from the one below, thanks to Project 10x (also worth looking at is the original Semantic Social Computing presentation from Mills Davis).

With the semantic web also comes a whole new set of acronyms. A starter list is RDF, SPARQL, SWRL, XFN, OWL, and OAuth. In particular, OAuth being the authentication one is interesting.

OAuth is described as “An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.” The basic promise is attractive- access to data while still protecting the account credentials. That has the advantage of not requiring people to give up their usernames and passwords to get access to their data. OAuth is a much-improved version of closed proprietary protocols such as Flickr’s API. Importantly, it has support for non-browser access such as desktop applications and mobile services.

So, what are the practical applications of the semantic web? Within the government space, a clear winner is being able to automate the collection of data from multiple government websites and search, filter, or otherwise manipulate the result.

As a simple example, if all government websites had the contact details of their media contact using hCard, it would be easy to have an always up-to-date list that can be displayed, indexed, searched, loaded into an address book, mapped, etc. Even as a relatively simple first step, this would be a big step forward for government.

September 3, 2008 at 11:43 pm Leave a comment

Your digital shadow

I’ve been taking a break from blogging- holiday as well as presenting at/attending AusCERT.

One of the interesting things over this period was the Radio New Zealand broadcast of The Digital Shadow (audio, approx. 28 minutes). It looked at the digital tracks that people leave behind in their everyday lives.

The broadcast starts with an interesting observation, “For the first time the amount of digital information generated about us is exceeding the information created by us.” And, there’s a lot of it- digital information about you but not by you. This is our digital shadow.

An interesting nugget in the broadcast is that Wellington City Council has only 3 CCTVs at present. I thought they’d have many more as CCTVs seem to be the weapon of choice for city authorities around the world. Not so surprisingly, the 3 CCTV cameras in Wellington are in a continuous recording loop but are only actively monitored during major events.

The broadcast also features Dick Hardt and Eve Maler discussing the collection of personal information while people are online.

Right at the end- the last 6 minutes- is the reason why I dug out the recording in the first place. As I mentioned previously, for the Government track at the Identity Conference in Wellington, we had four students start off by debating the relative importance of digital and physical identity in the future. The idea was to hear first-hand the views of future users of government online services.

These students were subsequently interviewed by Radio New Zealand and their views are featured in the last part of the broadcast. Fascinating stuff, especially about Facebook and Bebo. Worth a listen.

May 27, 2008 at 12:20 am 1 comment

Privacy and government as a Justifiable Party

In response to my post When is government a Justifiable Party? Kim Cameron expressed some concerns. In summary, these were creating an attractive target for hackers; the collapsing of “previously independent contexts together”; “minimize disclosure and aggregation of information”; and, finally, Kim’s opinion that he “wouldn’t touch this kind of challenge without Information Cards.”

I need to first clarify that, as Kim pointed out, this is a personal blog. The official position remains that igovt services are for the use of people and organisations interacting with government.

Issues that may arise if igovt services are extended to the private sector are being considered. These issues include thinking about whether government is a justifiable party or not in such transactions. A final recommendation to government will only be made after thinking this through and a further Privacy Impact Assessment (PIA) looks at all the issues and mitigations proposed.

It’s important to keep in mind the context. We are talking about the dangers of social networking where sites such as Facebook and Bebo are unwilling and unable to do their bit in keeping our kids safe online. It is important that responsible people try to work out a solution that works for both these websites and their customers.

Kim makes some good points which, thankfully, have already been considered.

The most important architectural consideration is that igovt splits identity verification (who you are) from authentication (your online activities) into two separate services run by two different government departments. The first is provided by the proposed Identity Verification Service and the second by the Government Logon Service using pseudonymous identifiers.

This has the additional benefit of providing protection from hackers. Guaranteeing a hacker will never get through an online service is impossible. Instead, in addition to data encryption, splitting data into silos such that no single breach- external or internal- results in getting all the information is a sensible design approach. In fact, this is precisely the “very distributed, encrypted information storage” that Kim advocates.

Another important part of defence-in-depth is to minimise the amount of data stored. In the case of the Identity Verification Service, it is restricted to four identity attributes- name, date of birth, place of birth, and sex. I’d expect private businesses (including social networking sites) to use the identity verification as a one-off and not the authentication component to log on a person each time they access the online service. This hardly qualifies for Kim’s description of “handling ‘digital explosives’ of a greater potency than has so far been the case anywhere in the world.”

Next, the collapsing of independent contexts. On the contrary, we aren’t looking at collapsing contexts. Indeed, if anything, context separation is strengthened by the use of service-specific identifiers. The Identity Verification Service creates a persistent, meaningless identifier per service to avoid data sharing by Service Providers even if they collude. This is somewhat similar to the Austrian ID system.

This then leaves Identity Provider collusion. Kim places his faith in technological solutions such as U-Prove and Idemix. On this, I differ with Kim.

Protecting and enhancing the underlying trust relationship between people and government is too important to rely on technological solutions alone. Sure, good technology is vital but, in my opinion, needs to be complemented by other instruments: oversight, independent assessments by experts, public consultation, policies, designing in privacy (such as separation of identity and authentication as well as use of service-specific identifiers) and, last but not the least, legislating the privacy protection.

For example, the power of choice is at least as important as getting the technical solution right.

I think Information Cards are really good, hence my mixed reaction to Microsoft’s acquisition of U-Prove and my exchange with Kim about continuing to make U-Prove widely available. But to think that technological solutions alone- no matter how great they are- can, in themselves, provide adequate trust in government is simply unrealistic.

Constructive criticism is a positive thing- it makes good things better. However, it requires people engaged in the debate to take the effort to fully understand what’s being discussed. In the spirit of promoting this, I invite interested people to take a look at the presentation I did in September last year at the Technology and Privacy Forum hosted by the Office of the Privacy Commissioner, New Zealand which describes both the big picture and the detail of privacy protection.

As a final word, as you’ll see from slide 15 of the presentation, the one thing that I do agree with Kim is that the laws of identity are applicable!

April 7, 2008 at 11:11 pm 4 comments

Older Posts

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter