Private Personal Agents vs. Microsoft's Passport

stefaanh asks: "With the recent MS Passport concerns, I remembered an 'IEEE Expert' 'JANUARY-FEBRUARY 1997 article called 'Managing your privacy in an on-line world' written by Michael McCandless. It talks about why you would hand out private information (on the Net), and proposes a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data. Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data. Since I consider Passports 'security' not as serious as the potential of consumer tracking, what sits in the way for this personal agent to challenge the threat of Passport's centralized approach? Isn't the time right for such an implementation?"

Privacy rights are still an issue.

[www.sorehands.com]

How secure is this data? I don't mean in the sense of encryption or hacking, but being subject to subpeona.

The police will be able to come to your door and demand your electronic wallet. Or in an auto accident, the opposing party can demand it in discovery. Think of the black boxe in your totalled vehicle, now in the possession the insurance company. What if it contained GPS data?

Mozilla has this feature

[epsalon]

It keeps your personal data (optionally encrypted) and fills in forms for you. You can then select what data you want actually sent.
Is this what the asker referred to?

The ultimate personal agent

[Invisible+Agent]

a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data.

Boy, I think I already have one of these. It's called my brain, and when a web site asks me for personal information, I consult with my brain to see if I want to give it to them. Then, I use another technology called my 'keyboard', and type in the relevant data. It takes about 30 seconds usually, and it has none of the potential vulnerabilities that come from entrusting my data to some 3rd party.

Are people really this lazy, or am I missing something?

Re:The ultimate personal agent

[Cynikal]

Yes but don't forget that our era is based on laziness. Anything that makes our lives just that tiny little bit easier is essential to some people. How many people will spend 30 minutes looking for the remote when they could just walk up and change the channel?

Then theres people like my father who *can't* remember half their information. Sometimes i have to call him to get his new email address cause he forgot his password and had to register a new account.. now if only he could get a fingerprint authenticy device to log him into one server that could feed whatever else to whatever site he needed...

I don't know, Its a good idea for some, and a bad idea to others. It depends on what you like. just respect other peoples' choices to decide what THEY like...

Re:The ultimate personal agent

[Yo_mama]

I think you're missing something.

"They" are trying to come up with a system so you don't HAVE to type that data in over and over (good for those of us with RSI). The corporate world throws in the added benifit for themselves of keeping the data that allows them to profile and target consumers. What we need is a system that benefits us. I don't mind helping a company out but I want to choose when to do it.

You can argue that if you don't like it you don't have to do it, but what if it becomes a wide spread system? What if for some assinine system the US government started using MS passport to log into the IRS page and you HAD to file electronically? You start getting boxed into a corner. It's important that we have some say over the information profiles on us.

Re:The ultimate personal agent

[jheinen]

It doesn't matter if people are lazy or not. Your brain and keyboard don't mean squat when you want to order a book from Amazon and it says "Passport required." When all commercial sites require this, you are left with no choice but to sign up and have your data managed by M$. Either that, or forgo purchasing online and start buying all your stuff from brick & mortar shops with cash.

-Jeff

Re:The ultimate personal agent

[spencerogden]

Wouldn't a program on your computer, which stores your info encrypted, and then sends it out when it gets a finger print work? And would also mean you don't have to store your info on a third party?

Maybe I'm missing something?

[mjh]

Even if we have dedicated networks to homes, and even if those networks are deployed to everyone's home like telephones, and even if we create this cryptographically secure database, how do we prevent someone from getting information out of it, and then reselling that information to someone else?

I think that this guy has an interesting idea, but I don't think that it's necessarily a solution for the privacy problem. I do very much like the idea of flipping a switch on my home PC to invite people to advertise to me for services that I need at the current time (e.g. my washer just broke and I need a new one). But how do I then prevent the phone number, contact information, interests, etc that I just gave out to Sears (et al) from getting stored in their own database and being resold to someone else?

Did I miss something in the article that addressed this?

Rich people already have "personal agents"

[JoeShmoe]

They are called financial managers. They get all the bills, they keep tabs on all expenses, they handle all dealings with the financial world. All the rich person does is spend it and read reports on the interest they've earned.

So why shouldn't the rest of us have the same thing? I hate having to update dozens of records across the country every time i change an address or lose a credit card. Switching banks caused a huge uproar in my automatic online banking.

It's like e-mail. I would have to be a complete idiot to use my ISP-given e-mail box. As soon as a switch providers, its worthless since no ISP wants to offer a nice handy eForwarding option (even for a small fee). They want to punish you for leaving. Not even that, sometimes ISPs decide on their own to change their addresses (like what Netscape did when it bought some free webmail thing, or like MediaOne did when they became part of @Home).

So what do I do? I get my own domain and give that out. When my ISP changes, I don't care. Update the record in a single place and I'm done.

Extra layers of abstraction, like this, are desperately needed in the financial sector. I would love to see some AI that could handle the same functions as a financial manager without me having to make enough interest off of my measly savings account to be able to pay his salary.

- JoeShmoe

Missing the point.

[Carnage4Life]

Are people really this lazy, or am I missing something?

Passport isn't about saving keystrokes, it's about control, specifically who has access to your personal data and for how long.

As slashdot has reported in the past, Failed Dotcoms Like Selling Private Customer Data, and a most recent example of this is Egghead.com selling its customer list to Fry's Electronics Twice already I personally have knowingly been bitten by this (CDNow and Egghead) and I have no idea what websites I may have bought a book or CD from in the past that may have failed with my personal info in their databases or haven been sold to a competitor. With a system like Passport, I specify what which websites have information about me, what information they get to see and exactly how long keep this information.

This is just one of dozens of possible Passport usage scenarios.

Consumer tracking?

[sheldon]

I don't want to dismiss the fear, because I think it is important.

But why attack Passport? How is Passport any more centralized than Visa or Mastercard?

You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...

These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.

Interesting approach

[sfe_software]

I personally hate Passport. However, if a centralized system were done *correctly*, there are a couple of advantages.

You can use it from any PC. A "wallet" system is just too complicated for most users (it can be transported, but most users won't bother). Plus, if I'm not mistaken, Passport would work from any browser. Wallet systems (which I believe IE and Mozilla both have an implementation) work only on that browser, and on that PC unless you export.

On top of that, the Passport system is more automatic; get a Hotmail account and you have a Passport account. Use one of the participating online retailers and you have a passport account.

OTOH, if a "wallet" system were implemented that was cross-browser (if not cross-platform), and more easily transportable, maybe it would catch on. I would trust my data on my own machine long before I'd trust it on a bunch of NT boxes up in Redmond (or wherever)...

In either case, personally I prefer to judge everything on a site-by-site basis. I often use a different email address for each site, partly so I can track originators of SPAM lists and such... so neither method would work for me.

Also keep in mind that, if you use a "wallet" system and use the same information at each site, this information could just as easily be shared between sites, and compared/compiled to track your usage, though admittedly it would be more difficult/less likely than a centralized system.