Monthly Archives: April 2007

Who is protecting your data?

I find the Department of Health comment about the release of information about trainee doctors to be very worrying…

“We apologise to any applicants whose details have been improperly accessed. This URL was made available to a strictly limited number of people making checks as part of the employment process” .

To even think that just limiting who they give the URL to was sufficient security is absurd. Even if those provided with it don’t actively pass it on, as soon as it is used it is likely to end up in several log systems – ISP cache, phishing filters, parental control filters, Google Desktop history, not to mention the potential numerous spyware functions that could be on a system.

James Naughtie Quite rightly asked Lord Hunt how people could feel confident in allowing their records to be stored in the central medical database. Lord Hunt initially tried to tell us about the benefit of storing it. Hmm, don’t worry about how safe your data is just think about the benefit.

I’m sure that  the security of the medical database will be a high priority, but what about the people who decide to dump the information into an Excel spreadsheet and put it on a web site to share with just that one person who they give the URL to?

Are we ready to be who we are?

OK, odd title. I have several almost ready posts but just not quite got around to to hitting the post button. Here’s a few reasons why (I hope this doesn’t become another of them)…

  • Started then ran out of time
  • It could be better
  • Just one more reference
  • Will others misinterpret what I have written?
  • Do I really want to associate this comment with me? (This one gets to the heart of the matter).

Do I really want to post information about me or my thoughts? The idea of the transparent society is great. Nothing to hide, everything public. All activity, what you say, what you do, web sites you visit (or links that your mouse happens to pass over) . But what happens when this information is used by others in unexpected or unwanted ways. This could be as trivial as mis-interpretation of intent resulting in unpleasant commentary or as serious as identity theft or other malicious acts.

Kathy Sierra was the unfortunate recipient of some very unpleasant responses recently. From what I can see, it wasn’t even a disagreement of views, just a malicious attack with no other purpose than to hurt. Just the kind of media fuel to frighten people and stop them engaging in the conversation that is the Internet today.

Kathy had recently written about Helping users “feel the fear and do it anyway”, in which she suggested that acknowledging that something is difficult and helping users through it was a very valuable service. Ironically my personal thought association with this post was on identity and disclosure. I thought “yeah I should just get on and publish stuff and stop agonising over whether it’s taken out of context or misused later”. Hopefully Kathy will be posting again soon.

Today I noticed a post from Dick Hardt on Identity2.0, linking to some more detail relating to Kathy’s case. It seems that one of the people associated with one of the sites where the comments were made has suffered some serious identity abuse and has had to completely change all his details (mail, blog etc). Dick points out that the lack of real and common identity mechanisms is a fundamental issue that must be resolved to help combat these types of problem (although it is sad that these problems are one the drivers).

So are we ready to be who we are? I’m still testing the water.