To protect your privacy, hand over your data
Verifying your identity generally comes down to entering one “key” that only you can provide – be it a password, credit card number or RFID tag.
That’s not good enough, according to a new proposal, which suggests that our digital identities will be more secure if they rest on reams of data on our everyday life culled from cellphones, online transactions and the like.
The idea comes from Alex Pentland at the Massachusetts Institute of Technology’s Human Dynamics Laboratory. The lab is a pioneer of “reality mining” – studying how people behave by using the crumbs of digital data our every action now produces.
“You are what you do and who you do it with,” says Pentland. Researchers and corporations have realised the potential of such data mining, he points out. “It is already happening and it is time for people to get a stake.”
Personal control
If people gain control of their own personal data mines, rather than allowing them to be built and held by corporations, they could use them not only to prove who they are but also to inform smart recommendation systems, Pentland says.
He recognises that allowing even limited access to detailed logs of your actions may seem scary. But he argues it is safer than relying on key-like codes and numbers, which are vulnerable to theft or forgery.
“It is not feasible for a single organisation to own all this rich identity information,” Pentland says. What he envisages instead is the creation of a central body, supported by a combination of cellphone networks, banks and government bodies.
That bank could provide “slices” of data to third parties that want to check a person’s identity. That information could be much like that required to verify high-level security clearance in government, says Pentland.
Privacy expectations
An individual could also allow their data to be used by services like apps on their smartphone to provide personalised recommendations such as restaurant suggestions or driving directions. This has the potental to be much more powerful than the recommender systems built into services like Netflix and iTunes, and would help familiarise users with the value of the approach, says Pentland.
Getting people to share facets of their rich identity is still likely to be a tough sell. “There will be an incredibly complex matrix of sensitivities and privacy expectations when it comes to managing such data,” says J. Trevor Hughes, executive director of the International Association of Privacy Professionals.
A wide range of things need to be engineered into any such system to make it work, says Hughes: effective public policy, consumer education, sophisticated data security and more.
Pentland says he is addressing such challenges. “I have already been working with the Harvard Law Lab and the World Economic Forum to develop and advocate the idea.” Those two organisations and 70 other industry partners that have expressed an interest will be asked to trial a design for the system currently being finalised.
Pentland presented his proposal at the First International Forum on the Application and Management of Personal Electronic Information held at MIT last week.