Tuesday, July 28, 2009

I have talked many times before about the privacy concerns that I have about Europe's and Germany's approach to protecting privacy: on the one hand, citizens have - at least theoretically - a very strong position vis-à-vis non-governmental actors when it comes to data ownership and controls through the Privacy Directive and the "informationelle Selbstbestimmung". On the other hand, the state reserves the right to arbitrarily intrude into people’s lives, collect PII, and use any data source – legal or illegal – for fighting so-called tax evasion. In my opinion, this approach is highly hypocritical in itself, but one might argue that different cultures and traditions may justify such laws and procedures.

However, in the current debate about sharing SWIFT financial transaction data with the CIA, Germany is crossing a line: all “major German parties” are feverishly opposing the EU Commission’s proposed data sharing agreement with the US administration that would assist in combating terrorism. To get this straight: Germany happily buys stolen financial transaction data from convicted criminals and allows this data as evidence in legal proceedings against alleged “tax evaders”. No controversy ensues, since it only affects a few rich (i.e. successful) people who "deserve" to be dispossessed. Yet, there is public uproar and another wave of blatant anti-Americanism when the US authorities want to monitor the financing of international terrorism.

Thank you for your time - I rest my case.

Tuesday, July 28, 2009 9:20:28 AM (Eastern Standard Time, UTC-05:00)
Saturday, July 25, 2009

Recently, I have become involved in selecting technologies (not vendors, mind you!) for distributed systems. While highly interesting, I am now faced with the age-old issue of interoperability and claimed adherence to standards. We all know the games companies and standards organizations have been playing: loosely specified standards with too many degrees of freedom, proprietary "extensions", etc. What happens often enough is that the implementations of relatively new standards (say less than 10 years of commercially or freely available products) have significant interoperability issues. Over time, these issues disappear, but not necessarily at the speed that customers or even the industry would like. This can have significant detrimental effects, including delay in necessary technology upgrades (e.g. IPv6), market distortion (PAC data in authZ data fields in W2Kx), or even non-adoption.

The SAML commercial community has developed a process that is very useful to technology consumers: through Liberty, Drummond Group International operates a testing program that verifies standards compliance of SAML products against the SAML 2.0 static conformance requirements. With a rigorous testing process, the results of this process are quite helpful for source selection - if only to get a quick overview of the capabilities of the different products without having to wade through piles of marketing collateral and technical documentation. As a customer, I am particularly pleased about this process, since the vendors are paying for this process themselves. While this does not eliminate interoperability problems completely, it puts the burden of proving interoperability on the vendor and not on the customer.

On the other hand, Microsoft and a number of other vendors have in the past performed informal cross-matrix interoperability testing in the form of the ws-builder plugfests or the OSIS InfoCard test rounds. The lack of formalism is countered here with the very low barrier to entry, so that open source projects or small companies have the opportunity to participate as well. 

Combining these two approaches would yield a useful process: having commercial vendors and (at least some) open source projects participate in a formalized vendor-initiated cross-matrix interoperability certification (VICMIC - this is for all the acronym lovers out there) would give enterprise architects and developers a powerful tool for source selection. The participation of the open source projects could be sponsored through stipends that are awarded by the testing organization based on criteria such as feature completeness, overall quality, etc.

If I had my way (yeah, I know, I will not ... still you can DREAM), all technologies wanting to be considered for public projects would have to implement such a process - that's a MUST in RFC 2119 speak. If they do not, the acquisition process should really require this.

Saturday, July 25, 2009 10:10:35 AM (Eastern Standard Time, UTC-05:00)
Monday, July 13, 2009
Ok, the under 35s may be digital natives ... but if that is so, I am not a digital immigrant, but a "digital colonist". 

Monday, July 13, 2009 7:25:19 AM (Eastern Standard Time, UTC-05:00)
Thursday, July 02, 2009
For this year's Balisage in Montreal, we (R. Dingwell, A. Gregorowicz, H. Sleeper, and myself) have been accepted as a late-breaking proposal for our work on hData, which addresses some problems that are currently plaguing electronic health records. Our session is scheduled on Thursday at 11:00am. This is the abstract:
Title: hData - A Simplified Approach to Health Data Exchange

Interoperability issues have limited the expected benefits of Electronic Health Record (EHR) systems. Ideally, the medical history of a patient is recorded in a set of digital continuity of care documents which are securely available to the patient and their care providers on demand. The history of continuity of care standards includes multiple standards organizations, differing goals, and ongoing efforts to reconcile the various specifications. Existing standards define a format that is too complex for exchanging continuity of care information effectively. We propose hData, a simplified XML framework to describe health information. hData addresses the challenges of the current HL7 Continuity of Care Document format and is explicitly designed for extensibility to address health information exchange needs, in general. hData applies established best practices for XML document architectures to the vertical health domain, which has experienced significant XML-based interoperability issues.

As you might imagine, we will have to say a few things about identity, access, and privacy management for electronic health records, as well. Looking forward to seeing you there.

tags: balisageConference09

Thursday, July 02, 2009 3:24:28 PM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.