Is Privacy a Contact Sport?

Posted on April 11, 2012 by KHaynes

by Dave Smith, Sales Engineer Manager

CNN recently posted a brief, yet important article on privacy as it pertains to applications running on the Apple iOS mobile operating system. In summary, the article says that Apple will start requiring mobile applications to get explicit permission before they can collect and store the user’s contacts.  As we all know, some social applications depend almost entirely on gaining access to the user’s contacts (i.e. Facebook, Twitter, Words With Friends, etc.), regardless of the source of these contacts.  According to the article, in some cases Apple discovered that the permission (authorization) to allow the mobile application to harvest and remotely store the user’s contacts was buried deeply in some applications’ terms of service or privacy policy agreement.

Apple is fixing this and we applaud their effort. Making it easier for users to knowingly and willingly “opt in” for data sharing is important to the trust that’s needed in today’s interconnected and service oriented Identity Economy.

As I think about this more, it raises an interesting question – who owns the contacts?

As an example, regardless of whether it’s my phone (or my rolodex, day planner or holiday card list…) and I add your information as a contact, my contact, then I at least am a partial owner of our “contact” relationship.  Right?  More generally, if two people are friends, then each has some interest or ownership in the friendship.  And at least in my experience, when two friends exchange contact information, it’s usually so they can stay in touch, not so that personal information could be shared, sold or given to others.

So let’s agree that having someone’s personal contact details in my phone assumes I was given this information so I could communicate with them, whether they are a friend, coworker or acquaintance. Beyond this use, how much of my contact’s personal data do I own or do I have a right to authorize or share with anyone else?

Here’s a diagram to illustrate the situation:

Looking at the diagram, I can claim to own and have all rights to any information in the “Me” circle.  This is my profile information – e.g. name, address, age, employer, email, etc.  Since it’s my personal identity data, I can choose how and where I share it.  I could also claim to have some authority of the lines connecting “Me” to my contacts, since these lines are my relationships to these people.  But again, how much of the personal information in any of my contacts’ circles do I “own”? Do I have the right to grant access to that information to some other application that wants to collect it?

Let’s look at one more analogy.  If a marketer called your home and asked if you knew John Doe, you might be inclined to answer without hesitation.  But if they asked if you would give them John’s phone number, address, email address, etc., you hopefully would ask why they wanted these details and might feel you want to check with John first.  After all, you’d probably want John to do the same for you.

Back to the situation being addressed by Apple… From a privacy perspective, it’s fair that I should have to explicitly authorize any application before it can retrieve any information on my mobile device, including my contacts.  From a trust perspective, my contacts trust that I’ll use their info for the purpose it was given to me – e.g. for me to use in order to communicate with them.  They trust that I’m not handing it out to anyone or any thing that asks for it.

The point is that unlike more typical personal identity data (e.g. my profile, my email address, my location, my search history, my purchase history, etc.), contacts are different.  This is because they hold someone else’s personal identity data.  And if it’s a different type of data, then maybe different rules should apply to terms of service when it comes to contacts.  After all, trust is paramount in the online digital age and my friends, coworkers and acquaintances need to trust me to use their data the way it was intended, much in the same way that I need to trust online services and even mobile applications.

So while we believe Apple is moving in the right direction, we also believe we’re only scratching the surface on the privacy concerns when it comes to different types of identity data.

Think about that…

Posted in Data Privacy, Identity Economy | Tagged , , , , , , , , , , , , , , , , ,

Comments Off

Moore’s Law of Identity – The Explosion of Identity Information

Posted on April 5, 2012 by KHaynes

by Andy Land, Vice President of Marketing

UnboundID CEO Steve Shoaff always comes up with interesting ways to explain what is happening in the market, and one of his latest favorite sayings involves extrapolating “Moore’s Law” to cover Identity.

How does he define his version of Moore’s Law of Identity?
The amount of identity data about a user – the user’s attributes – is growing much faster than the number of users.

Now, is the amount of identity data doubling every two years, or 18 months as described in Moore’s Law?  Maybe.  Or it might be more than this.  Regardless of the actual rate, it’s fairly obvious from the number of new online service popping up every day, and the virtual vapor trail that we are leaving behind in every online interaction, that we are generating a boatload of personal (identity) data.

In the past when we formed a relationship with a vendor, they only needed to know enough information to bill us and give us the proper support. But what has become clear in the Facebook/Google era is that identity information is highly valuable and the more identity information you have, the more value you have in your user. We see this when Facebook targets very specific ads at us based on our age, our relationship status, and even the content of our posts. Thus, providers are trying to harness more and more of this valuable information about us.

So, if service providers want to get more users – which they all do, as that’s how they make money – and they want to sell each user more services, the ultimate consequence is that the service providers have to store a lot more identity information. The infrastructures they have built in the past are not going to be able to handle this explosion of identity information.

This is where UnboundID can make a difference.  We have built a forward-looking identity infrastructure that enables service providers to capably handle Moore’s Law of Identity.  We have purpose-built software that can handle extreme numbers of users (we have deployments of over 100 million users), and more importantly,  the large amount of identity attributes associated with each user (we have customers that store up to 4000 attributes on each user).

If you find that your company is facing the impact of Moore’s Law of Identity, check out UnboundID , and let us help you get your most valuable asset – customer data – in order.

Posted in Identity Economy | Tagged , , , , , , , , , , , , ,

Comments Off

Powering the Identity Economy – Now With Series B Funding

Posted on March 29, 2012 by KHaynes

by Kami Haynes, Marketing Communications

Back in February at the Mobile World Congress event, we rolled out our platform development and marketing strategy around the Identity Economy. This week, we’re putting our money where our mouth is, so to speak, and we’ve announced that we’ve received $12.5M in Series B funding from OpenView Venture Partners. There’s a lot of excitement around this funding, because it will allow us to grow our already stellar team in order to work toward our company goals.

We recognize that identity data is the driving force behind big data, and our identity services platform is designed to help companies manage the exploding quantities of data they are gathering. In addition, it’s clear that consumers (and the government, and savvy enterprises) are concerned about what’s being done with identity data, so one of our key tenets is to help secure that data, and to enable companies to be open with their customers about what they’re collecting, and how they’re using that information. It’s our belief that a trustworthy enterprise gains customer loyalty through this kind of clarity, and customers reward those companies in return, with additional revenue.

This additional funding gives us the resources we need to continue developing products and services that meet the needs of this fast-growing identity marketplace. Keep an eye on UnboundID as we ramp up our business with new hires, new products, and new customers. It’s going to take a lot of work, but it’s the kind of work we love, and that makes things seem a whole lot more fun.

Posted in Identity Economy | Tagged , , , , ,

1 Comment

SCIM Rising- New Capabilities and a Move to IETF

Posted on March 21, 2012 by KHaynes

by Trey Drake, Architect

Here at UnboundID, we have just released SCIM 1.1.  While a ‘.1’ release normally sounds minor, in this case there’s a hidden gem: native bi-directional synchronization support for SCIM in our Synchronization Server. To provide perspective, the primary driver for creating the SCIM standard is to enable organizations to universally provision on-premise user identity to SaaS providers.

The UnboundID Synchronization Server propels that promise forward with bi-directional SCIM synchronization. With this addition, it is now possible to push as well as pull SaaS identity data on premise. Crazy talk? I think not. As more business-critical applications move to the cloud, the cloud increasingly becomes more authoritative. Identity, as a core aspect of any application, will follow suit.  I call this trend the “Rise of the Identity Provider” a la Rise of the Planet of the Apes.  Much like future humans were surprised to see apes ruling the planet, I’m sure IT didn’t see the outsourcing of a few apps here and there turning their world upside down.

Speaking of the Planet of the Apes, in the original book, the protagonist escapes the ape-ruled planet landing just outside of Paris to start life anew (let’s skip over the part where he finds the apes rule Earth too…details, details).  Similarly, those involved in developing the SCIM standard will land in Paris next week at IETF 83 where we’ll present SCIM to the IETF standards body.  If all goes well, a SCIM working group will be formed and work will continue under the auspices of the IETF.  You can track progress of the IETF work here.  Better yet, if you have a vested interest in moving the initiative forward, volunteer and let your voice be heard.

If you can’t make Paris (or just can’t get enough SCIM) we’ll be on that side of the pond again in April for the European Identity Conference in Munich.  Make sure to check out the SCIM panel where representatives from Ping Identity, Courion, SailPoint and UnboundID (yours truly) will banter about all things SCIM.

Posted in SCIM | Tagged , , , , , , ,

1 Comment

Personal Identity Data: Good Versus Evil

Posted on March 14, 2012 by KHaynes

by Kami Haynes, Marketing Manager

Lately the news is filled with horror stories about how companies are abusing personal data – this topic is the “zombie apocalypse” of the online world – it’s everywhere, and everyone’s alarmed and up in arms.

But is it all bad news? Are all the companies that are gathering personal data villainous and evil? What if there are some companies out there that are ready to give you back control over your data? Here’s a likely scenario:

Your mobile provider offers to let you view the information they currently hold on you, giving you the ability to delete (truly delete) things you don’t want them to know. Then, once you’ve reviewed your record, they offer you a 10% discount on your data plan if you’ll share additional data with them – data that they will not share with other companies, unless you approve.  Over time, they could even continue to offer you discounts or bonuses if you share more information – again, on your terms.

Would you take that offer? It puts you back in control. It lets you know what they know, which takes some of the creepy factor out of their activities. And it means that you’re helping them tailor your plan to fit you, based on the data you share – which should result in savings and a better, more personalized plan for you.

Why would your mobile company do this for you? Assuming they’re not the evil “take over the world” type of company we see in the movies, there are several reasons that they might take this more open, friendly path:

  1. Trust – by opening your files to you, the company gains your trust. It’s a risk for them, because you could wipe out everything they know about you. But it’s a calculated risk – you could also add more information. And since few companies are doing this, the first ones to do it will be differentiated as pioneers and outliers, by claiming to give you back control over your data.
  2. More Useful Information – given the chance to review and update your own identity info, you might provide more accurate information. I’d rather someone target me accurately than waste my time with inaccurate offers, so I’d take the time to update my information with correct data.
  3. Loyalty – once a company gives you control, and allows you to tell them what you want them to know about you, you’re more likely to work with them over and over. The rewards are there for you, so you’ll continue to work with that company for greater benefit.

It’s easy to get swept up in the “zombie invasion” scare around the use of personal data, and we do have to stay vigilant against the companies who seem to be using our data for nefarious purposes. And while it’s wise to stay alert and informed about how your data is being used, there are going to be companies out there that are using their powers for good, not evil. It’s our job, as good consumers, to reward those companies for being good corporate citizens, and to take the benefits that they offer us in return.

Posted in Data Privacy | Tagged , , , , ,

1 Comment