Tuesday, July 24, 2007

What should be secret?

BBC tech commentator Bill Thomspon wrote on Monday about, well, several things. Ostensibly, about security risks on the iPhone, but it rapidly got into much more interesting core issues.
The problem is apparently that we are all giving away too much information that should remain secret, like our date of birth, address and even details of which schools we have attended or where we have worked. This information should apparently be carefully protected because criminals can use it to fill in applications for credit cards or loans, stealing our identities and causing all sorts of problems. This seems to be entirely the wrong way around. I have never kept my birthday secret from my friends, partly because I like to get cards and presents, and I do not see why I should have to keep it secret from my online friends. If that means that other people can find out about it then the systems that assume my date of birth is somehow 'secret' need to adapt, not me.
I couldn't agree more. The fact that I cannot say this well is why I don't have a technology column read by people in other countries. I think about this a lot due to the new FCC regulations I spend a lot of my time working on these days. The FCC seems to get it. We are not supposed to use that sort of personal information for any security. At all. Not even for recovery or anything. Security uses unique passwords, and other such stuff. Well, actually there is a "shared secret" recovery or bypass as well, but I think its just because no one could come up with anything better; eventually, maybe we'll loose that also. Anyway, in theory this leaves us capable of thinking about interesting uses of that personal information. The FCC burdens us with calling practically anything personal CPNI, but it doesn't mean the customer can't reveal it themselves if they want to. Well, they can't really now, but perhaps some future, web 2.0 version of our site will let users publish Picture Mail, or Game Lobby or other community-related info thru RSS feeds. Think of how cool, and useful, a mashup of mobile photography, mobile location and public mapping tools could be. I also respect Bill for publishing his school, his mother's maiden name, his birthday, and so on. I cannot tell you how many people tell me, as though its bad, that my home address is on my website. Yeah, on purpose. I just added my GPS coordinates, among other things. I'm not even sure I'd bother hiding this stuff even if I was a true celebrity. The same security principles hold, so door locks should comply with the proximate risk. As a stalker-worthy person, I'd just upgrade the locks.

No comments: