Security and Identity: Balancing Privacy, Flexibility, and Ease of Use

Page 1 of 5

In October, The Wall Street Journal reported that several popular Facebook applications had been transmitting users' personal identifying information to literally dozens of advertising and internet tracking companies. While Facebook maintains that there is "no evidence that any personal information was misused or even collected as a result of this issue," not all observers have been appeased. In the article, Marc Rotenberg, executive director of the Washington, D.C.-based Electronic Privacy Information Center, said: "Facebook has been assuring users for a very long time that their personal information will not be available to advertisers." And it's fair to say that some of Facebook's estimated 500 million users are becoming increasingly skittish about just how their personal information is being used.

Scarier yet, say privacy experts, is the growing use of geolocation technology. Marilyn Prosch, co-creator of the Privacy by Design Research Lab (PbD RL) at Arizona State University in Tempe, notes that the use of geolocation data has the potential to create even more intrusive situations for people. "Technology is now advancing so it not only can identify who you are on your home computer connected through an ISP but also on all of the location-based data coming through on cell phones through the applications that you download," she says, admitting she was shocked recently when a newsfeed application asked her for her location data. "I thought, I just want a news feed. I don't need local news. Why do you need to know where I am?"

Security is big business, and it's an issue that impacts organizations in public, private, corporate, personal, for-profit, and not-for-profit settings. Balancing the need to provide ready access to content with both the need and the right to know, while securing data and information from those who have neither, can be complex and challenging.

Of course, the process of preventing unauthorized access to various systems often requires capturing certain identifying information from users, and that's where things can become very sensitive, very fast.

Julie Smith David is an associate professor at the W.P. Carey School of Business at Arizona State University in Tempe and Prosch's co-creator of the PbD RL. "Organizations must be committed to maintaining employee and customer privacy," says Smith David. "This is really becoming an issue in the boardroom, as well as at people's personal computers. We all want to make sure our data isn't inappropriately shared or sold."

Consumer users aren't the only audience with concerns related to identity and security. Content owners also have a stake in making sure that the people accessing their content (or intellectual property) have the authority to do so and that they are who they say they are. Content owners need to consider not only what information they will share freely and what they will require authentication (based on membership in an organization, payment for access, etc.) for. Additionally, they need to consider how much individually identifiable information they will capture and store.

Page 1 of 5