I am not paranoid, or at least I don’t consider myself to be, but the adoption of OpenID by the Obama administration at Change.gov is scaring the heck out of me.
Firstly, let’s look at the advantages of adopting OpenID, and there are a few. Because OpenID allows you to use the same login account across the internet, you don’t have to remember a lot of accounts or passwords. More importantly, it allows you to establish a unified cyber-identity that goes with you from website to website, leaving a digital trail of where you’ve been. It’s like having an RFID chip installed in one’s skull.
For example, Jane Doe at Change.gov is the same Jane Doe at Technorati, DeadJournal (no typo) or even ClaimID because she uses the same OpenID account to access the sites. Thus she maintains the same identity and reputation wherever she visits.
Having said that, it is one thing if her cyber-adventures are confined to private websites, but the moment she goes to Change.gov, she opens herself up to Big Brother, who can very easily develop a cyber-profile based on data mining her OpenID account.
Incidentally, the data mined is the basis for an emerging field called collective intelligence.
When the private sector, e.g. Facebook, uses data mining to get customer profiles, it is detestable but expected; when the Federal Government blatantly gets into the act, it should frighten anyone who values freedom.
The Feds have a virtually unlimited budget, the terrorist surveillance program as a legal framework, and now, through the change.gov portal, a free starting point. The fact that Obama voted in support of FISA, under which domestic spying is allowed, does not help diminish this argument. Oddly enough, even East Germany did not have it this easy.
Every day, people are being investigated by law enforcement agencies and evaluated by potential and existing employers, marketers and even mobs via their Facebook and MySpace profiles. Those who use their OpenID to access Obama’s “change” website are opening themselves to the same potential scrutiny, albeit by the Federal Government itself.
How OpenID Works:
Part of the OpenID standard is that you have the option of sharing the personal information you have stored at your OpenID provider with a relying party (a Web site you’re trying to log into). By doing this, you don’t have to re-enter the same registration information into multiple Web sites. You normally configure what data can be shared when you log into a Web site with your OpenID identifier for the first time.
If you click “allow forever”, that same data is re-shared with the relying site each time you log in, including any updates you make on the OpenID provider site. You only have to keep the data up to date in one place; it also means that if you’ve changed the level of trust you have in your OpenID provider (say, by changing your stored email address from a throwaway junk-magnet to your real address), that information will get shared to relying parties also.
Third, even though you have the option of telling your OpenID provider to stop sharing data with the relying site, there’s no part of the protocol where an OpenID provider can tell a relying party to ditch data you’ve already shared.
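The sharing behaviour described above, modelled as an added example (not from the original post or any real provider's code): it lists the Simple Registration attributes a relying party requests and shows what an “allow forever” grant releases on later logins. The `Provider` class, the hosts `op.example` and `rp.example`, and the profile values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Attribute names defined by the OpenID Simple Registration (SREG) extension.
SREG_FIELDS = {"nickname", "email", "fullname", "dob", "gender",
               "postcode", "country", "language", "timezone"}

def requested_fields(auth_url):
    """List the SREG attributes a relying party asks for in a login request."""
    q = parse_qs(urlsplit(auth_url).query)
    def pick(key):
        return [f for f in q.get(key, [""])[0].split(",") if f in SREG_FIELDS]
    return pick("openid.sreg.required") + pick("openid.sreg.optional")

class Provider:
    """Hypothetical provider: stored profile plus per-site 'allow forever' grants."""
    def __init__(self, profile):
        self.profile, self.grants = dict(profile), {}

    def login(self, auth_url, allow=None, forever=False):
        realm = parse_qs(urlsplit(auth_url).query)["openid.realm"][0]
        if allow is None:                  # no prompt shown: use the stored grant
            allow = self.grants.get(realm, set())
        elif forever:
            self.grants[realm] = set(allow)
        # Release only what was requested AND approved, at its current value.
        return {"openid.sreg." + f: self.profile[f]
                for f in requested_fields(auth_url) if f in allow and f in self.profile}

    def revoke(self, realm):
        self.grants.pop(realm, None)       # stops future sharing only

# Constructed login request from a made-up relying party.
REQUEST = ("https://op.example/auth?openid.mode=checkid_setup"
           "&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1"
           "&openid.realm=https%3A%2F%2Frp.example%2F"
           "&openid.sreg.required=email&openid.sreg.optional=fullname,dob")

def demo():
    op = Provider({"email": "junk@mail.example", "fullname": "Jane Doe", "dob": "1970-01-01"})
    # rp_db stands in for whatever the relying party keeps from each login.
    rp_db = [op.login(REQUEST, allow={"email"}, forever=True)]
    op.profile["email"] = "jane.real@mail.example"   # user edits provider profile
    rp_db.append(op.login(REQUEST))        # silent re-share of the updated value
    op.revoke("https://rp.example/")
    after_revoke = op.login(REQUEST)       # nothing further is released...
    return rp_db, after_revoke             # ...but rp_db still holds both copies

if __name__ == "__main__":
    print(demo())
```

The relying party's stored copies survive the revocation because nothing in the exchange reaches back into `rp_db`; revoking only empties the provider's own grant table.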
An excerpt from a Houston Chronicle story on Data Mining…
But even its practitioners acknowledge that, if misused, collective intelligence tools could create an Orwellian future on a level Big Brother could only dream of.
Collective intelligence could make it possible for insurance companies, for example, to use behavioral data to covertly identify people suffering from a particular disease and deny them insurance coverage. Similarly, law enforcement agencies could identify members of a protest group by tracking social networks revealed by the new technology.
“There are so many uses for this technology — from marketing to war-fighting — that I can’t imagine it not pervading our lives in just the next few years,” says Steve Steinberg, a computer scientist who works for an investment firm in New York.
In a widely read Web posting, he argued that there were significant chances that it would be misused: “This is one of the most significant technology trends I have seen in years; it may also be one of the most pernicious.”
A few caveats.
Firstly, if the feds want you, they can still get you, even if you use different email addresses and handles on the internet. A subpoena to your ISP based on your IP number would identify you within hours.
Secondly, not everyone is required to use an OpenID (yet); then again, not everyone is required to use a Social Security number.
Thirdly, even in the case of OpenIDs, to identify you across more than one domain, your OpenID has to be accessible to bots and/or the naked eye wherever you log in.
However, are the three factors above going to come into play for everyone who uses OpenID at change.gov? Probably not; after all, how many people have been burnt because of private information on their social networking sites being linked to their non-social networking activities?
Posted by PUMA Pundit