The Implications of “Data Portability” Under Repressive Regimes
By Curt on Jan 8, 2008 in Data portability, OpenID
As data portability edges its way into discussion in first world countries and big Internet starts pawing at it, the discussion seems to have arrived with a relative paucity of skepticism regarding the inherent risks. There has been some criticism, but not as much as I think it warrants. Now, I’m not a technologist, so I cannot comment in depth, nor on a technical level, on how allowing one’s identity information to be sent from one site to another would open you up to danger.
What I do know, is that I have read no discussion of any sort regarding the kind of dangers and possible scenarios that might be in store for Internet users in repressive regimes. Internet content and communications companies have evinced a wholesale disregard for their users’ safety around the world from the very beginning. I find it extremely hard to believe that, if big Internet does move into data portability, they will not cut that clothing out of whole cloth. It is highly unlikely, in other words, that should these companies decide to invest in data portability, you will be able to exempt yourself from it. Exemptions cost money.
This seems like another case of presuming a “global” innovation without taking the trouble to examine its untidy implications. In the United States or Finland or Japan, after all, what’s the worst thing that could happen if your data gets hijacked? Theft? In Iran or Egypt or China, the worst that could happen is your death.
If I find any writing on this topic, I will certainly post a link to it. If you know of any, or spot any in the future, please share it. Just as in the Internet bubble of the late ’90s, I find the media that covers these innovations (the “social media media”) to be uncomfortably close to that previous era’s uncritical cheerleading. Or perhaps more accurately, these journalists, whether mainstream or new media, seem to spend more time splitting hairs within the topic than addressing its real importance to the life lived outside of it, and which it has the potential to affect on a large scale. I hope this post is seen as a challenge to those involved, not to be pointlessly negative, but responsibly skeptical, thorough and grounded in a real-life context.
I think an extraordinary amount of skepticism is in order.
Chris Saad | Jan 8, 2008 | Reply
Curt, just because DataPortability makes a connection *possible* does not mean the connection is automatic and lacking any privacy control.
Each time a new application wants access to your personal data, the user is prompted and asked for permission - just like OpenID and OAuth work.
This is not a free-for-all. It’s a technical initiative to give users control to build bridges between the vendors/apps they trust.
Curt | Jan 8, 2008 | Reply
Alright, Chris. Let’s say there will be no automatic enlistment of a user into a system of data portability. (I wonder, but let’s posit this as a given.) What you wind up with in regions with repressive governments, and what you wind up with considering the many companies who’ve colluded with security services in these countries, are users who are not well-versed in the niceties and implications of these things. So, they sign up for OpenID (or any kind of data portability…thingee is I believe the technical term), not understanding what it is and find their information accessible from a host of different points they would not be were it necessary to sign up for each service differently. They discover this in an interrogation room, when it is much, much too late. Like I said, I hope to see more coverage of this particular issue. I am doing my best to get up to speed but it’s difficult. Most people won’t.