Friday, February 13, 2009

Through Ian Fletcher of Burton: Peter Fleischer of Google is now facing criminal charges for failing to prevent the publication of a defamatory video on Google's video site - taking it down after 24 hours was not sufficient. While this is a somewhat extreme case, I fully expect an increasing number of civil and criminal cases filed against companies and government agencies for failing to protect the privacy of data principals: in the U.S., the efforts to standardize patients' electronic health records and federate access to this data will invariably lead to some cases of unauthorized disclosure. Europe has already had a decent share of privacy violations lately, but the effects have so far been manageable.

Going forward we as a society need to coordinate data access much better than we have so far, so it starts making sense to start talking about privacy management as a separate discipline in corporate IT and process management. Privacy management is obviously closely related to information and identity management, but has a strong legal/regulatory aspect. Especially the lack of any harmonization of global privacy frameworks is a constant threat to globally operating companies. Some of these aspects will be discussed at the next Liberty Plenary meeting.

Friday, February 13, 2009 4:41:14 PM (Eastern Standard Time, UTC-05:00)
Thursday, February 12, 2009

Jeff thinks that my term describing the privacy situation in Europe is a little harsh. I cannot blame him, since the Europeans, and especially Germany, have been working hard on presenting themselves as the global guardians of privacy. And, true enough, the rights that a European citizen has vis-à-vis private sector companies are considerable. Also, Germany's supreme court confirmed on multiple occasions that there is an "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

Yet, when it comes to the government or its associated entities prying into people's lives, all bets are off:

  • Go to the U.K. and try to not be captured on a surveillance camera. Anywhere.

  • Try renting an apartment or buying a condo in Germany. Within 30 days you must submit a form to city hall declaring who you are, where you lived before, and who else is living in your home. This data is automatically shared with semi-private organizations such as the collection agency for public broadcast fees, but also with anyone walking up to city hall who deems you a debtor.

  • There is an EU directive that establishes a community-wide unique tax ID number for all citizens and residents of all ages. This number is permanent, and must be shared with employers, banks, and - potentially - insurance companies. Sounds familiar?

  • All trucks in Germany are required to use a satellite-based tracking system to determine tolls for using the Autobahn. This data is collected by a private-sector consortium on behalf of the government, and there are a number of politicians suggesting this for all vehicles.

  • Finally, Germany's "Personalausweis" (national ID card) is mandatory for anyone over 16. So far, city hall has been managing this data, but since they are preparing to put biometrics on this card, there will soon be a comprehensive federal database of all citizens of Germany over 16, complete with digitized photo, fingerprints, and later iris scans.

The list could go on and on - I am sure that Robin has a lot to add to it. Needless to say, there have been numerous occasions where data collected by government agencies has been "lost", stolen, or otherwise compromised. While we are talking about theft: Germany has paid more than EUR 5 million for stolen data about alleged tax evaders.

So yes, my choice of words might have been harsh, but unfortunately quite justified.

Thursday, February 12, 2009 5:30:46 PM (Eastern Standard Time, UTC-05:00)
Wednesday, February 11, 2009

Most often people will believe bad news much more easily than good news, displaying a general sense of pessimism that is part of the human soul. But sometimes it is really hard to believe what kind of madness politicians come up with: the Governor of Massachusetts, Mr. Deval Patrick, is currently concerned with the state's budget. Well, the times are tough, and it is understandable that we either have to cut programs, raise taxes, or both. These are hard decisions, and I do not envy anyone having to make them.

However, one suggestion Mr. Patrick made yesterday immediately got my attention: there are apparently plans on the table to introduce a "chip" in the state's vehicle inspection stickers, so that cars can be tracked as they use the Commonwealth's highway system. What might seem like a prudent idea to shift the cost of the transportation infrastructure to those who cause it, is in reality an attempt to introduce an Orwellian surveillance system of European proportions.

It is bad enough that private industry (in the form of the wireless carriers) has a rather comprehensive location profile of all its customers. Yet, it is really easy to turn off the cell phone, leave it somewhere, or switch to another cell phone, in case one wants to obfuscate one's location. However, even in Massachusetts it is rather hard to get around without having to resort to using a car. Within the 128 belt this might be manageable, but once you get beyond 495 it becomes impossible. Mandating a tracking and surveillance device in vehicles for tax purposes will create a gigantic database with rather sensitive information. The potential for abuse is scary:

  • With location data, one can attempt to create a political profile by tracking the conventions, conferences, and events a person goes to. I am not a lawyer, but this seems to be getting rather close to infringing a couple of First Amendment rights.
  • The collected data can be subpoenaed in all kinds of litigation, including sensitive matters like divorce proceedings or insurance disputes.
  • If the database is ever breached, the hacker could have a field day, exposing location profiles of individuals. Depending on whose data is stolen, this could actually result in increased personal risk for the exposed persons.

There are a lot more things that can go wrong, so this bill must never even come close to being considered.

Wednesday, February 11, 2009 8:31:59 AM (Eastern Standard Time, UTC-05:00)
Saturday, February 07, 2009

The DHS Data Privacy and Integrity Advisory Committee of the Privacy Office of DHS has sent a letter to the new Secretary of Homeland Security, Janet Napolitano, making some recommendations for the adjustment of the way the department deals with privacy policy and issues. Some of the more notable ones include:

  • Compartment Privacy Officers

  • Data Governance

  • Interoperability and Data Integrity

  • Overhaul of the 1974 Privacy Act

  • Independence of the Privacy Office from the rest of the organization

These are excellent suggestions, especially when applied as a whole: having a compartment Privacy Officer who can act independently of the rest of the organization has the potential of channeling the efforts of the department in the right direction. Improved data governance, integrity, and better interoperability should really be on the agenda of the CIO as well, but especially in the context of E-Verify or border control these issues also gain a privacy facet.

Overall, this letter should be a recommendation not only to the DHS, but to government and private organizations in general (mutatis mutandis). Major privacy invasions (as we have recently witnessed them in force in Germany) can only be avoided if privacy compliance is considered as critical to an organization's success as any other good governance principle.

Saturday, February 07, 2009 10:31:34 PM (Eastern Standard Time, UTC-05:00)
Wednesday, February 04, 2009

It took a long time, but it seems that the time for an older idea of mine has come: Jeff Hodges is reporting on a report he prepared for the MIT Kerberos group to explore the use of SAML tokens in traditional security systems. A while ago, I was exploring a similar idea - then with Eve and Nico - on how to use SAML attribute and bearer tokens in the context of the GSS-API.

The ideas and concepts we had then would still seem valid to me, although a lot of things have moved on since then. I will definitely follow this, if only from a distance.

Wednesday, February 04, 2009 2:47:31 PM (Eastern Standard Time, UTC-05:00)
Tuesday, February 03, 2009

We are truly living in interesting times, and while I sometimes prefer to be boring, I think that the increasing interest in authorization is definitely a good sign. Recent discussions on the OAuth Charter for the IETF WG, and Martin Kuppinger's article on Authorization Management, are good indicators that the community is moving towards new approaches for distributed authorization.

While XACML has solved many of the problems that may arise from a technical perspective, it is fairly heavy-weight and in its current form not particularly appealing to the large number of RESTafarians. Also, as Martin is pointing out in his articles, what seems to be missing is a framework comprising business rules and policy management for "multi-layer authorization" models. Nevertheless, the recent addition of XACML to the HITSP IS01[1] and the XSPA XACML 2.0 profile for healthcare will likely raise the visibility of XACML beyond its core community.

At this point, privacy protection concerns (as also voiced in XACML core) will play a major role, especially when considering the sensitivity of healthcare-related information. As such, any authentication management framework must either address these privacy protection issues, or be open enough to interface with emerging technologies such as CARML et al. from the IGF.

[1] Along with SAML 2.0, WS-Federation, and WS-Trust...

Tuesday, February 03, 2009 10:13:48 AM (Eastern Standard Time, UTC-05:00)
Monday, February 02, 2009

Oh well, I finally sat down and took the time to convert my aging main web site into something more dynamic. Since my - overall - quite reliable hosting provider gives me free PHP5 and MySQL databases, I took a closer look at Drupal, given its overall support, ease of use and add-on module availability. My first impressions are quite good: it was easy to get up and running and does not seem to be too hard to administer. Converting my existing HTML went well, although the default editor (or more specifically: the Drupal filters) has a tendency to get in the way at the beginning.

Now, one thing I will probably spend a little time on over the next few weeks (time permitting - haha) is to develop a somewhat more reasonable authentication scheme for my various web properties. I have a happy collection of PHP apps, this .NET based blog, and also some custom Java apps. So far there is really no identity management in place; a fact that has been a sore spot for a while. A simple SSO authentication scheme across these different platforms is a panacea, but it should not be too difficult to achieve. I am actively looking into using OAuth or SAML as the token format, and a simple RESTful transport.

Monday, February 02, 2009 10:54:08 AM (Eastern Standard Time, UTC-05:00)
Tuesday, January 27, 2009

Times are changing, and people have to change with it. Doh - another pearl of obvious wisdom, but there is an interesting application to the work life: while regular employment might change rather abruptly, business and community relationships usually do not. So while you might no longer be working for a particular company (say, Sun, for example), you would still be interested in continuing your work in a particular area of interest (say, identity, for example).

In this spirit, I decided to join the Liberty Alliance as an individual member. The new structure of the organization, combined with a reasonable fee schedule, allows me to continue my formal relationship with one of the more comprehensive identity consortia currently in existence. While I have not yet quite made up my mind on what this engagement will look like, I know that there are a number of current projects in TEG and IAEG that stir my interest.

One of the most interesting developments in Liberty right now is the realization that a RESTful approach is quite necessary to extend from an enterprise-centric identity management system to one that can scale up to the needs of health care providers and governments. The need for a lightweight IdM and federation framework is indisputable, and the GSA and Internet2 have already demonstrated that the existing feature set in SAML2 is sufficient to build a meaningful federation. However, it will take the legal and business rules framework of the IAF and related efforts to extend these technologies into the realm of social networking and eGovernment, where you cannot rely on having a mutually trusted partner in identity.

So, going forward, it will be a lot of fun to dabble with the same technology, only now from a slightly (or not so slightly) different angle. 

Tuesday, January 27, 2009 2:30:45 PM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.