The Drawbacks of Federated Identity
A Potential Nightmare in the Guise of Convenience
By Roger L. Kay
At Facebook’s recent annual developer conference, F8, the company announced Facebook
Connect, a means of sharing identity information among multiple social networks, and founder
Mark Zuckerberg started talking about how nice it would be to share identity information between
social networks.  

Nice for him, that is.  As an increasingly dominant forum, Facebook stands to gain by almost any
association it makes.  Like a large galaxy absorbing the stars of smaller star systems nearby,
Facebook can use its gravity to pull subscribers from other networks toward itself.  Bigger is
always better in the social network biz.

But there’s more potential evil here than a larger network simply absorbing lesser ones.  The
concept of federated identity — a profile of you that exists out on the Web, independent of any
particular application, an aggregated you composed of the sum of all your parts — is a bit scary,
to say the least.  This digital profile could be reflective of what you want to show of yourself — or
not.  As everyone knows, the Pandora’s Box aspect of the Web is that once something’s out
there, it can’t be called back.  An example is illustrative.  What if you’re a philanderer and your
address book is filled with names, phone numbers, and addresses of your hundred and one
girlfriends?  Share that, and you’re hosed.  And what if you’re just an ordinary Joe or Jane with
nothing special to hide?  Your profile would make perfect input for an identity-theft scheme.

If you hit the “Find Friends” button on Facebook, you get a few choices including “Use Webmail
Contacts” and “Upload Contact File.” The site offers helpful tips like “Searching your email
address book is the fastest and most effective way to find your friends on Facebook” and “If you
use Microsoft Outlook, you can import your contacts into Facebook automatically.”  You can click
on a button to upload your Outlook contacts to Facebook, and the site promises “We won't store
your login info or contact anyone without your permission.”  Well!  I feel better now.  A contact file
is like the old Rolodex.  For some people, it’s pure intelligence.  A salesperson might seek to
leave his or her employ with only a single item: the contact file.  Elsewhere, Facebook asks
innocuous-sounding questions like “Add Twitter to your Facebook account?”  Sure, go ahead
and add my Twitter contacts to my Facebook account.  Then, there’ll be only one place to rob.

Reading the policy on Facebook regarding the sharing of information gives cold comfort.  The
terms of use for downloading an application that runs on the Facebook Platform contain
disturbing fine print.  Under “Consent Regarding Use of Facebook Site Information,” the
description reads: “In order to allow you to use and participate in Platform Applications created
by Developers, Facebook may from time to time provide Developers access to the ‘Facebook
Site Information’” … (and note the legalese, always a bad sign) … “[which] may include, without
limitation, … your name, your profile picture, your gender, your birthday, your hometown location
(city/state/country), your current location (city/state/country), your political view, your activities, your
interests, your musical preferences, television shows in which you are interested, movies in
which you are interested, books in which you are interested, your favorite quotes, the text of your
"About Me" section, your relationship status, your dating interests, your relationship interests,
your summer plans, your Facebook user network affiliations, your education history, your work
history, your course information, copies of photos in your Facebook Site photo albums,
metadata associated with your Facebook Site photo albums (e.g., time of upload, album name,
comments on your photos, etc.), the total number of messages sent and/or received by you, the
total number of unread messages in your Facebook in-box, the total number of "pokes" you have
sent and/or received, the total number of wall posts on your Wall, a list of user IDs mapped to
your Facebook friends, your social timeline, and events associated with your Facebook profile.”  
Whew!  What a mouthful!

So, you think you know Facebook, more or less, and you think you know Twitter, and these sites
let you exert fine-grained control over what you share and what you don’t, but the naïve user
could very easily just hit “upload” or “download” without giving it much thought.  And what about
other sites, new ones, coming on stream, built by creators of Facebook applications, asking to
share in this information, this shadow profile of you?  Who are they actually, and do they have the
same protections in place?  In fact, does anybody have any real protections in place?

*   *   *

Nearly 40 years ago, when I worked at the very first eCommerce business, founded by my father
and run on Xerox mainframes, we understood clearly the concept of an audit trail.  The
business, called AutEx and now owned by Thomson Reuters, connected brokers and
institutions on Wall Street so they could engage in electronic block trading.  I was in market
research, trying to find other industries that could make use of an electronic trading network.  We
found a few: government bonds, machine tools, even diamonds, but the one project I broke all
my toenails on was the oil industry.  For nearly a year, I went around Houston and New York,
learning the structure of the industry (majors, refiners, brokers, traders) and trying to convince
them to come aboard.  The key was the majors, at the time, Exxon, Mobil, Texaco, and
Chevron.  If they went for it, everyone would come in — an early demonstration of Metcalfe’s Law,
which by the way we knew in our bones but never made any highfalutin claims about.  Oh, and
we discovered a corollary that Bob may have missed: with the first-rank players on board, the
network becomes a natural monopoly.

It all came down to a meeting in New York between the four majors.  They had asked me about
whether transactions were retained persistently in the system, and I had given them the same
bland assurances we foisted on the Wall Street guys, but the reality was different: the electronic
transactions disappeared as soon as the pixels were refreshed and the electrons dissipated
into the ether, but they were logged on magnetic media and ultimately archived to tape for legal
reasons.  Even though computer technology was pretty new, the petroleum guys instinctively
understood this mechanism, and, since they engaged in collusive practices daily, didn’t want
any audit trail that could prove they did.  They decided not to move forward.  Even today,
petroleum trading, still diffuse and ad hoc, lacks a central electronic marketplace.

*   *   *

So, where might this federated identity of yours reside?  After all, even as the concept of “the
cloud” gains velocity every day, a physical manifestation of the abstracted identity is still
required.  Somewhere, your contact database is sitting on one or more servers.  It might be at
Facebook or at an Exchange hosting facility.  If you had a federated identity, fragments of it might
be stored here and there.  Your contacts might be stored at MI8, your photos at Flickr, your
preferences in dating on MySpace.  But, with your permission, all these sites might interconnect
to create the appearance of an object, the virtual you.

Under the guise of convenience, various social networking sites could interact with this virtual
you, detecting your interests, offering you “discoveries,” showing you films that people “like you”
have enjoyed and so on.  It’s a brave new world.

And one I’m not sure I’m ready to join.  Of course, I already have in some ways.  People can’t
help but leave muddy little digital footprints all over the Web if they spend any time there.  But I
instinctively try to fuzz up the picture a bit, obscuring little details — changing the month or day of
birth, the zodiac sign, the city of residence — to create a wobbly aggregate profile.  Obscurity is
no guarantee of safety, but it might help.  

I see no reason to assist in the assembly of a federated identity that I ultimately lose control over
and which might end up in who knows whose database.  Unscrupulous marketers (is that
redundant?), one or more governments, malevolent trolls, and various sorts of predators might
be interested in trying their luck with a promising profile.  And with Google’s grand ambition to
unify all information, one of its crawlers might sweep up all my disparate Web presences into a
single crystal clear profile of me.  I’d rather it be fuzzy, thanks.

© 2008 Endpoint Technologies Associates, Inc.  All rights reserved.