Me – The intersection of Privacy, Security and Identity on the Web – Part III

by

 

Choice

In my last post (link) I discussed the current proposed DNT standard and why I have serious reservations about it’s viability. At the end I mentioned that this would provide an opportunity for innovation to occur – so lets take a look at what something would/could look like.

To recap. First and foremost the solution will have four key attributes that promote the following: Confidence, Privacy, Choice and Innovation. In addition it must support the following features:

1.    It will be privacy enhancing and voluntary
2.    It will be cost effective and easy to use
3.    It will be secure and resilient
4.    It will be unambiguous
5.    It will be interoperable
6.    It will be transparent

I have to state first that there’s no silver bullet/one sized fits all solution. No matter how many virtues this solution has it will not be perfect. That said we should be able to, within the scope of the four attributes outlined above, be able to build something that’s better than what we currently have.

I’m going to start with Interoperability. To me this is where the foundation for any solution will be built. And there’s only really one place to look at that’s RFC 2616 which is the foundational document for the Internet. It alone provides the scope of the HTTP protocol that joins everything on the planet. It truly is the “One Ring that Binds us All”. So this becomes are foundation which means that the application that sits on top of it is going to be where the solution will be found – the browser. The other ring that binds us all – everybody knows how to use a browser and they work on every device connected to the Internet.

So now we have the foundation and the building blocks of our solution – the Internet and the browser. What’s missing? – Data. Well that comes from databases that tie into existing Web services which in turn connect to the Web so we can access them via a browser.

So lets summarize what the solution will look like:

1.    One Platform – the Internet
2.    One Interface – the Browser
3.    Multiple data sets – online databases which provide the context

So far so good. People have confidence in the Internet, they have a Choice in what they want to see and hear. However we haven’t met the Privacy and Innovation standards yet. Yes we have some privacy namely SSL when it comes to ecommerce, but that’s not really privacy because I still have no control over what data is shared – just that it’s encrypted. As for innovation – the HTTP protocol has been “fixed in stone” since 1999 when the comments or suggested improvements were closed. For all intents and purposes we’re still at version 1.1 and I don’t see it changing anytime soon.

So what do we do about the Privacy and Innovation attributes? Well fortunately there’s a section in the current HTTP 1.1 spec that allows us to “Innovate” and here it is…

It is a generic, stateless, protocol which can be used for many tasks beyond its use for hypertext, such as name servers and distributed object management systems, through extension of its request methods, error codes and headers. A feature of HTTP is  the typing and negotiation of data representation, allowing systems to be built independently of the data being transferred.

HTTP is an extensible protocol so that you can take advantages of new ideas, new innovation and extend it beyond it’s original design scope. So if we’re going to meet the Innovation requirement that’s exactly where we’re going to start. Why – because it’s an approved, standard way of doing things that everyone has already agreed on.

So what is a header? It’s actually a little piece of data that gets sent to the Web server. It can be any type of data and it can be compressed and encrypted to save space and preserve “Privacy”. This is good news is as we are now focusing in on our four required attributes: Confidence, Privacy, Choice and Innovation.

Now lets check back and see if we’re still meeting the features guidelines?

1.    It will be privacy enhancing and voluntary
2.    It will be cost effective and easy to use
3.    It will be secure and resilient
4.    It will be unambiguous
5.    It will be interoperable
6.    It will be transparent

So far so good. We haven’t yet described how we improve #1, #2 is fine, #3 is also fine (it works and we can safely use encryption) #4, #5 and #6 are also met – it’s the Web. We all take it for granted and it just works.

What we really haven’t yet described is a solution to #1 – we have to enhance my privacy and we have to ensure that it’s voluntary i.e. we offer the consumer a choice in how they use the solution.

And that’s where the next blog will pick up – Adding Privacy to the Internet.

Posted in: #wpo, Privacy


Email Subscription


Categories