The wrITing on the wall

Share this post:

Column by Frank van der Wal

In my last column I described PresenceInsight, a system developed by IBM Research to track mobile devices anonymously within  a designated area.

Some of the readers reacted with the obvious remarks about privacy. Although PresenceInsight is anonymous (tracking only the MAC address of the mobile device and not personal information) the question surfaced that if somebody buys a mobile device it doesn’t automatically means that that person wants to be tracked in the first place.

I am a technical guy, not a lawyer or an etesian. I don’t have the answer to all those questions.

As a person I’m also worried by the data that is there to grab. Even yesterday I installed a new app on my iPhone from a  TV/Internet provider that allows me to watch TV on my mobile device. I was stunned to see the access that app has on my personal data which  has absolutely nothing to do with watching TV. Still I installed it, weak as I am and again choosing for the convenience.

The other day I saw a slide in a presentation about security on mobile devices. It showed that most of the popular dating apps have access to location info, personal data, calendar etc. Not that bad at first sight, but then the slide showed that more than 50% of the corporate users have dating apps installed, meaning that the companies (or just clever hackers and industrial spies) behind the dating apps can see where the companies sellers have been…

Security, personal data and integrity are all very important. It is why my eye was attracted to an IBM Research project called Identity Mixer.  It solves the problem that everyone faces these days. If you want to do anything on the web you have to fill in a form with data that has little or nothing to do with the services you are requesting. I’m very offended by it, by the way. Why do I need a login ID (yet another password to remember) if I want to buy tickets for a movie. OK, I do realize that to see a 12years+ rated movie they need to know my age. But I know that my personal data is out there once more and if companies like Sony or Gemalto can’t protect themselves against cybercrime, I really don’t see how my local Mickey-Mouse cinema with a Mickey-Mouse IT infrastructure and probably even worst Mickey-Mouse IT Security in place, can.
I always have an evil smile on my face whenever I see the statement “your data is safe with us”. Yeah, right! (Unless they use IBM’s security offerings and the data is stored on a z Systems, of course). In addition I trust technology more than the people who work with it…

Despite my lack of trust in those companies, they are –legally— obliged to safeguard your data. If they take it seriously, they should be concerned.

Identity Mixer is a system that allows users not to reveal all the personal information if only a limited set is required. On YouTube there is a good animated movie of a girl that want to see a film online. She needs to prove that she is over 12 year and that she has a valid account. So why on Earth send her street address, city, sex, nationality etc. etc. as well?

Identity Mixer uses a cryptographic algorithm to encrypt the certified identity attributes of a user. The clever thing is that the user can determine which of the data is revealed. For the receiver/requester it is a less painful exercise as they don’t need to safeguard valuable info. Even if the requester is hacked, the information is still encrypted and of no use for the hacker.

With Identity Mixer and the algorithms behind it, you can actually send information that is not your birthday, to prove that you are over 12 year. Clever, eh?.
To use the Identity Mixer the user has to register only once with the eGovernment and then her encrypted data is stored on an eWallet. Together with her account of on-line services she can identify herself with a limited number of her attributes.

Although it might be controversial, this service will be available from BlueMIx, the PaaS Cloud services of IBM. There are many discussions on Security and cloud as well, but remember that the data is encrypted and stored on the eWallet, not on the BlueMix cloud.

I do realise that companies would like to have as much data as possible from you and that Identity Mixer won’t solve the hunger for personal data for those companies. Still, I’m optimistic and think that the public opinion as well as fact that the receiver doesn’t hold valuable data, might change that a bit. Now I only have to find a way to tell my local CableTV company to stop using my photo library if I want to watch TV on my iPhone. That’s the hard part.