From: <djg2120@columbia.edu>
  To  : <CPC@emoglen.law.columbia.edu>
  Date: Tue, 28 Feb 2006 01:26:53 -0500

IBM Looks at Online Privacy

IBM Looks at Online Privacy

Consumers should control their data, not doctors, banks, and retail
sites, says IBM.

February 27, 2006

IBM said Monday it will attempt to change the way online commerce is
currently done with an open source security system that allows users
to take more control of the access that businesses have to their
personal online information.

The project, codenamed “Higgins,” was announced by Big Blue, open
source software vendor Novell, and Parity Communications, a Boston
startup operating in an area it calls “social commerce.”

Project Higgins will allow users to play an active role in the
management and oversight of their personal online information,
including medical records, credit card numbers, and online sales
history.

Users will take control of how that information is updated and
shared with other trusted online web sites. Currently, users’
identity information is stored at many trusted web sites such as
banks and retail sites. The data there is subject to different
standards of management, different state and country laws, and
different levels of security.

“We think that users should have more control of that information,”
said Nataraj Nagaratnam, IBM’s chief architect for identity
management. “It will also give them a chance to determine what
constraints should be applied to the usage of that information.”

A user can then determine who has access to their medical records
and how they are managed or shared once they are made available to
a trusted partner.

For instance the electric utility would have zero access to a user’s
health records while the user’s doctor would have complete access to
the data, despite the fact that both are trusted partners. And an
auction site such as eBay would have access to a user’s online
sales history, but a bank would not be granted access, for
instance.

Consumer Oversight

Project Higgins is based on a concept developed by Harvard Law
School’s Berkman Center for Internet & Society. To make the system
successful, banks and other sites that require personal information
would have to participate.

To ease the adoption of Higgins, IBM is basing the technology on
open source software, according to Mr. Nagaratnam. IBM, a major
open source booster, plans to incorporate Higgins into its identity
management software.

“The open source nature of Higgins is important because there are
all kinds of systems in which personal information is stored and
accessed,” said Mr. Nagaratnam. “The Berkman Center brings in the
perspective of law, and the Internet.”

The level of control that users have over their personal online
information is governed by a number of factors, including geography
and the laws in various states governing the use and management of
personal information.

There are also state and federal laws governing the use and
distribution of consumers’ Social Security numbers, medical
records, and some other data.

Higgins is able to incorporate rules based on laws governing the use
of information and consumer rights. The technology can then be used
by consumers to enforce the legal control they have over the
management of their information, and even help them manage the
personal aliases they use online.

“In the case of eBay, that control will extend to pseudonyms against
which our online history is stored,” said Mr. Nagaratnam.

http://tinyurl.com/rpqhy
            
Daniel Grimm
djg2120@columbia.edu


-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list