The ability to lie about yourself and get away with it

* What is privacy, really?

Former IBM Tivoli Chief Scientist Bob Blakley is now a principal analyst with the Burton Group. The change of locale hasn't changed his dry wit or his insight as his presentation at the recent Digital ID World conference proves.

Blakley spoke on the topic "What is Privacy, Really?" a subject near and dear to him as well as to many others in the identity realm. Privacy was, in fact, one of the driving forces behind the so-called "user-centric identity" movement.

But privacy is a widely misunderstood concept. It's frequently confused with anonymity, often confounded with security and colloquially termed the "right" to be "left alone." As Blakley puts it, "I don't want to be alone, but I still want privacy."

After about 20 minutes of telling us what privacy wasn't, Blakley came around to stating what it was: "The ability to lie about yourself and get away with it."

He was quick to point out that it wasn't positing a right to lie (that's an ethical, or legal question), just the ability to lie. What that means is that when someone asks you a question and you reply with an answer, the questioner cannot judge the veracity of your information. As Blakley more elegantly stated it: "If you could tell a listener the truth or tell him a lie ... And if he would accept either story ... then he has given you the benefit of the doubt..."

The question Blakley wants answered is: "Can the benefit of the doubt be built into the meta-identity system?"

I often use this principle when dealing with obnoxious registration forms, those portals that try to collect all sorts of identifiers, demographics and marketing info from me in order to grant me access to a white paper, software evaluation or other product or document.

Not only do I have the ability to lie and get away with it, I often exercise that ability. Quite a few people (almost all of them outside the realm of marketing) claim you have a right to lie under those circumstances. There are some, in fact, who claim it is your duty to lie in that case. I'm not ready to go that far. I'll give up my e-mail address provided I can customize the extent of the materials that might be sent to that address and can opt out of the more spam-like marketing efforts. But I can see no reason to cough up details of my business, number of employees, target date for purchase, types of computers, operating systems, applications, etc., simply to read a high-class marketing document (after all, that's what a white paper is these days).

Blakley went on to talk about the use of an identity provider (IDP) acting as an agent to dispense accurate data on our behalf and with enough granularity so that only the data absolutely necessary for a transaction is distributed. That means, of course, that you need a trustworthy IDP. You can follow more of Blakley's thoughts on privacy and identity at his blog site, which is well worth following.

While a trustworthy IDP might be taken as a given, what about your identity vendor, or IDV? That is, how trustworthy should the people be from whom you buy your identity management products? We'll look at that question in the next issue.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.