Showing posts with label Microsoft. Show all posts
Showing posts with label Microsoft. Show all posts
Wednesday, July 25, 2007
Ask.com and Microsoft call for privacy standards
According to PC World, Ask.com will be the first major search engine to offer an anonymous searching option to users. Their new AskEraser feature will give users the option to request that their search data not be stored.This is in stark contrast to Google’s recent announcement that they will reduce the time they save search data from over 30 years to “only” two years. In spite of Google’s voluntary reduction in cookie life, European privacy experts, among others, have soundly criticized the lifespan of Google’s cookies:
"Compared to the previous lifetime of 30 years, the period of two years seems to be short," Schaar wrote in an email. "But from a data-protection perspective, and considering the fact that the user's search behaviour is recorded and can be analysed for any purposes, this period is still too long."Meanwhile, Microsoft has joined Ask.com in calling on technology leaders to find a way to meet their need for advertising data without compromising user privacy:
"The first step is, we'll be in contact with all the other players in this space and talk about what a summit might look like," said Cullen. "We're very happy to host it, if that's the answer ... both Microsoft and Ask.com think that this is the time to make this happen."
Microsoft is planning to allow users to opt out of having their search data used to generate targeted advertising on Microsoft's Web sites, and under a new privacy policy, plans to scrub all search query data of any user-identifiable information after 18 months. While this is in part a shot at Google, it is encouraging to see some leadership within the industry to safeguard the privacy of their users’ search data.
The ability to search anonymously is essential in allowing individuals to explore any area of inquiry without fear of discovery or retribution. When companies track user data, their primary motivation is to inform their decisions about advertising. The abuse of search data has additional implications if the data is merged with that of advertisers, as I wrote in an earlier post about the proposed Google and DoubleClick merger.
When search data is breached, the consequences could be far more serious than mere embarassment. About a year ago, AOL inadvertently released the search data for about 650,000 searches on their site and New York Times reporters were actually able to identify one of the searchers. Breaches of this magnitude and specificity could ruin careers and reputations, while creating a chilling effect on the exploration and sharing of ideas over the Internet.
Google needs to stop hedging on privacy and get on board with this initiative.
Wednesday, April 25, 2007
The 7 Laws of Identity: User control in system design
As the level of fraudulent activity online grows, consumer confidence in e-commerce is increasingly threatened. In response, Kim Cameron, Chief Identity Architect at Microsoft developed the 7 Laws of Identity, in cooperation with a number of leading experts from around the world. At the recent Privacy and Security Conference in Victoria, British Columbia, Ann Cavoukian, Information and Privacy Commissioner of Ontario, presented a white paper proposing privacy-embedded laws of identity, based on Cameron’s 7 Laws.The proposal would create an identity layer in software and web services. Programmers are urged to embed privacy capabilities based on the following seven laws:
Law #1 – User Control and Consent
The user must have control over how much information to provide and under what circumstances.
Law #2 – Minimal Disclosure for a Constrained Use
The user must only provide the least amount of information for a specific purpose.
Law #3 – Justifiable Parties
The disclosure of personally-identifiable information is limited to only those parties that have reason to require it in order to fulfill a specific purpose.
Law #4 – Directed Identity
Web sites and other technology should be unidirectional and shouldn’t be able to access your personal information without your prior consent.
Law #5 – Pluralism of Operators and Technologies
Systems should ensure that users can decide how much personal information to provide, depending upon the context. A “one size fits all” solution is not desirable where your personal information is concerned.
Law #6 – Human Integration
The ways in which users interact with systems must be done in a way that ensures users can more easily detect fraudulent websites and messages.
Law #7 – Consistent Experience Across Contexts
Systems are designed with standards and conventions that are easily recognizable to users, while allowing the user to exercise control between contexts.
More and more of our personal information is accessible than ever before and most of is controlled by others, in both the private and the public sectors. As more of our routine tasks and commerce take place on the Internet, the 7 Laws of Identity are a means for users to take back control of their personal information.
Subscribe to:
Comments (Atom)
