
Personal Data Journal

Issue 6 - October 2012 A service of the PERSONAL DATA ECOSYSTEM CONSORTIUM

The Affect Economy: Who Owns Your Emotions?

Street Identity in Beijing
Mozilla's Browser ID Goes Live
Do You Know Where Your Cloud's OS Is Running Tonight?
Sins & Ethics for Big Data
Personal's New APIs
Azigo's VRM Takes Back Your Inbox
4 New Personal Data Startups

In this issue: Everyday identity in Beijing looks like Facebook's real names vision. Your feelings for cash in The Attitude Economy. Windley asks where your cloud operating system should run. The Personal Data Ecosystem Catalyst Workshop reports from London. News: Europe's Digital Agenda Assembly's workshop on data called for standards to promote interop and protect individuals; Kaliya was elected to an NSTIC office; and you still can't see your own pacemaker medical data. Standards: A format for telling your location privacy preferences; new working groups for W3C Private User Agent and OpenID data federation; Mozilla Persona's Beta; OpenID Connect Interop OC4 test results, and a new UMA draft. Tips to phil@pde.cc.

Contents

1. Deep
Beijing: Identity and Security in Everyday Life
The Attitude Economy: Who owns your emotions?
Where Does the CloudOS Run?
Rough Notes from the September Catalyst Workshop

2. Wide
News
Standards
Startup News

3. Actionable
Book Reviews
Calendar
PDEC Directory

4. Aftermatter

Personal Data Journal #6, page 2


Deep
Diving into rich ideas, experiences, and models.

This month we bring you reports from Beijing, California, Utah, and London. Kaliya's observations on everyday identity in Beijing look like Facebook's real names worldview: China ties all Internet use to your national identity or mobile account. Phil Wolff shows how your emotional metadata is becoming a commercial product in The Attitude Economy, challenging individuals, startups, enterprises, and governments. Phil Windley asks where your cloud operating system should run, diagramming your technology architectural choices and their business effects. Phil reports on his experience building cloud products. Participants in the Personal Data Ecosystem Catalyst Workshops, Tony Fish's monthly London implementers unconference, again reported on progress and issues as XRI and other personal data efforts intensify in the UK.


Beijing: Identity and Security in Everyday Life


Kaliya Hamlin, PDEC Executive Director
Kaliya visited Beijing and Tianjin mid-year for Summer Davos, a Young Global Leaders meeting. These are some of her observations on real world tracking and surveillance.

Travel Documents Required for Foreign and Domestic Visitors.


I had to apply for a visa to get into China. It was the most detailed visa application form I ever filled out. It asked me the names of my relatives and their occupations along with details about my work and itinerary. The application process seemed to go fine with my letter from the World Economic Forum inviting me to attend. Entering China at the airport, they took my photo, just like in the US. They did not ask for my fingerprints like they do when I enter the US. We had to show our passport at hotels, just like in the US. It was photocopied along with our visa page. Chinese people also had to show their national ID cards. When we entered the train station from Tianjin to Beijing, on the train we, along with everyone else, were required to pass through a train station checkpoint. It seemed like this station was for managing internal migration. The Chinese have the Hukou System where citizens are registered as part of a family and located in a place. It has been used to manage migration from rural areas to urban ones.


Internet Access Tied To Phone Numbers.


Registered Chinese mobile numbers seem to be the key to getting on the internet in China. If you do have one you can get on the wifi at the airport in China. If you don't, you can put your passport into a machine and China Mobile will issue you a user-name and password. To get a password to get on the internet at any local cafe one needed to provide a Chinese mobile number. Then the password is texted to the phone so there is direct device authentication. To get a Chinese mobile number you had to provide identification. We were, however, able to get a password to get online without showing ID at the Starbucks at the pearl market near our hotel. In talking about the state of identification and the Internet one individual, who had spent a large portion of time in the liberal west growing up, commented to me that they felt uneasy about having to link all transactions to a mobile number.

Your Parcels Will Be Inspected.


Before entering all subway stations, you had to put your bags and packages through an x-ray machine. Yes, going into the subway was like going through airport security. To get into public monuments and public places like Tiananmen Square, one also had one's bags x-rayed. It all reminded me a lot of my visit to Jerusalem in Israel/Palestine in 2000; army/police searched folks to get into shopping malls.

TL;DR
Everyday ID in Beijing for a foreigner is a lot like in many Western democracies except for Internet access tied to your mobile phone account.


The Attitude Economy: Who owns your emotions?


by Phil Wolff, PDEC Strategy Director

Sentiment analysis turns your feelings into data. Someone else owns that data. Let's look a bit at why this is important.

The web rewards passion with attention. The fifth Sentiment Analysis Symposium got me thinking about this intimate technology. As we express ourselves, lexicographers, computer scientists, cognitive scientists, and engineers are building services to analyze our words, our faces and bodies, and our voices. They score what we feel, our intentions, and anything else inferable. The object: improved insight into people.

Personally, I'd love this for introspection and relationships. I'd like to better understand myself, to reveal patterns in my thoughts, feelings, and behavior. Perhaps I could become a better man through heightened self awareness, turning my everyday activity into a path toward enlightenment. I'd also use sentimental tools to better present myself, communicate more effectively, be more persuasive when it counts, establish rapport and get things done with others.

This capacity for sentiment analysis, to understand and interpret flows of meaning and emotional subtext, is worth a great deal to industry and government. Sales depends on emotion. Advertising, customer service, investor relations, media relations, channel marketing, and word of mouth marketing all improve with sentiment insight. Fraud detection, signals intelligence, recruiting employees, uncovering traitors, and timing stock trades all benefit too.

The promise is huge yet sentiment analysis is still an infant. As I see it, the path forward looks something like this. Today, we're making better snapshots of sentiment. Soon we'll have better temporal models. Then better social and interactive models. Finally, better manipulation, influence and self control.

More specifically, over the next ten years we'll see:

Scale. If you thought the Twitter Firehose was big today, in ten years...

Ubiquity. "Sentiment Analysis as a Service" will make it easy and, eventually, cheap to build SA features into nearly every application, device, and digital experience.


More complete profiles of individuals. There will be more data about you under one index, perhaps even under your personal control, like a Personal Health Cloud. This suggests more input for SA engines, less concern about data sparsity.

Longitudinal analysis. Where are the cycles and patterns in sentiment? How does Phil's attitude change during the day, year?

Root cause analysis. What activities or people affect Phil and how? If we can see what Phil reads, where he goes, who he talks to, how much he moves, music he hears, what he eats, can we identify likely triggers for sentiment and affect changes?

Realtime scoring. At scale, limited only by latency.

Scoring reflects new models of cognition. Neuroscience and cogsci will inform what and how we measure, analyze and report. How likely is it that new social gestures will amplify patterns discovered through brain imaging?

Analysis of non-textual inputs. Facial microexpressions captured in Skype chats, body language in YouTube videos, gestures in Google Glass, typing speed/interval/error patterns in Bing search, stress analysis in voice calls, clickstreams in Chrome, check-ins in FourSquare, physiology from Quantified Self loggers all will complement text analysis.

Micropublic reporting. How are the people attending this meeting in two hours feeling now? This is aggregating sentiment for smaller, defined groups.

Predictive sentiment analysis. How will they feel when the meeting starts in two hours? What are likely causes of drift?

Sentiment streaming. Sentiment as realtime presence. Phil's mobile emits a stream of Phil's happiness, engagement, focus when he's awake.


Ownership. Lots of companies and government agencies will infer your attitudes and emotions and compile sentiment dossiers on you. You will struggle for control over your personal and social sentiment data. EU will extend privacy rights and personal data rights to sentiment data inferred by third-parties.

Liability. Death, job loss, misdiagnosis, or another horrible outcome will produce lawsuits and establish financial accountability for errors and misuse of SA results.

So however effective sentiment analysis is today, it's going to be high-fi, pervasive and weaponized tomorrow. SA will affect society. For good. For evil. And we don't have tools to temper the evil. US law doesn't treat personal data as a right or an asset. EU law doesn't treat data derived from observations as the subject's data.

What goals would you want to promote with laws about derived sentiment data? What protections would you want for innovators? What constraints and obligations should come with use of sentiment data by people (vs. organizations?) For SA subjects?

If I don't see you at this month's Internet Identity Workshop to talk about this, let's talk online.


Where Does the CloudOS Run?


Phil Windley, CTO, Kynetx
Phillip J. Windley, Ph.D. is the Founder and Chief Technology Officer (CTO) of Kynetx, a co-founder of the Internet Identity Workshop, and an advisor to PDEC.

A while back, I published this diagram to describe the different levels in the implementation of the CloudOS and show the relationship between the construction of a traditional OS and the CloudOS. This is more than an analogy; there is real parallelism.


Two open source projects, KRE and XDI, make up the kernel. Anyone can run them. (Note: for now, it's probably easier to just sign up for a free account on the service hosted by Kynetx. At this point the open source projects are not easy to set up, but it is possible. We're actively working on fixing this with more than one partner.) We are building out the required services and some basic applications. They are not yet available; the alpha version should be online by November. I'll be blogging about the services as we go.

The preceding diagram led to a question from a friend: "Where does the kernel run?" The flippant answer is "in the cloud." But that's a mighty big place. For example, does every personal cloud implement this entire stack from top to bottom? Is there an instance of the kernel for every personal cloud? Or is the kernel running centrally somewhere (say Kynetx) and everyone just uses that?

The answer is that neither of these two scenarios is correct. The real architecture is somewhere in the middle. The confusion comes from conflating the idea of a personal cloud with its implementation. A personal cloud is an extremely lightweight virtual machine. So lightweight that we can afford trillions of them, and in my plans we'll need trillions because we'll want every person, place, or thing to have one. Not just one personal cloud for each type of thing, but for each instance. Each person will control dozens, maybe hundreds. A large business might have control of many thousands and relationships with millions of personal clouds.

Because they're lightweight, virtual machines, there is a hosting level, where the infrastructure to run them lives and also a virtual level, that we think of as the personal clouds. The following diagram shows this:


In the hosting space are computers that run the software (the kernel) that implements the personal clouds for a hosting company, other institutions like banks and telcos, and even a self-hosted instance. Any given instance of the kernel can support many, many personal clouds. Institutions in the diagram are offering personal clouds to their customers. They may offer custom services or applications that make their distro of the CloudOS unique, just as different Linux distros are unique and fit different needs even as they sit on a common kernel.

In the cloud space are the personal clouds that run on each host. A person might control personal clouds from many different providers, just like we have Websites in different places today. The fact that personal clouds are hosted in different places doesn't affect their ability to link to each other.


Note that the relationships flow between personal clouds and not the hosts. Suppose you and your friend want to link your personal clouds. There's no need for your bank and your friend's hosting company to cooperate for that to happen. As I envision them, personal clouds mirror exactly the architecture of the Web on which they're based. They are decentralized and independent. Even so, they are linkable through an open standard.

This idea is critical because it gets us out of the world that Web 2.0 built, where customers are given great functionality, but in Web-hosted applications that are very unlike the Web. Web 2.0 applications cannot be linked by users and don't generally work together. APIs aren't enough, as companies like IFTTT have found out in dealing with Twitter.

For now, Kynetx is hosting an instance of the kernel upon which personal clouds can be hosted and the CloudOS can be run. We are working with two partners on getting other instances of the multi-homed kernel running. The hearty can host their own. And each of the clouds hosted on these various instances will be completely able to work with each other. The deployment strategy for personal clouds aligns with the architecture of the Web: decentralized and open.


Rough Notes from the September Catalyst Workshop


by Tony Fish, PDEC Board Member and convener of the London Catalyst Workshops.

The September 4th London Personal Data Ecosystem Catalyst Workshop included: a roundtable asking should users authenticate their providers; brainstorming on who owns the customer ID and will customers pay for ID; dive into OIX focuses on consumer value and consumer control; report on two projects using assured identities for excluded groups for access to government services; an update on a cabinet office age verification pilot; status of the Government Identity Assurance (idA) programme; and an architecture for signing things online.

Sasha UCL - Should Users Authenticate their Providers?


Notes: C. Fletcher. Sasha is a Usability Researcher from College London and has been prototyping possible ID solutions for use with government transactions, e.g. student loans. Students have been defrauded by bogus websites when entering the website without typing in the URL; this is mainly done through links sent to them in emails. There is a need for a trusted starting place for ID Assurance and authentication. Many questions were asked:


How can we promote this to the government to make it a priority?
People don't understand Trusted Paths and why they are needed?
How do you prove that you are interacting with a website, would an independent path to verify help?
People are generally lazy and enter websites without knowledge of problems?
RSA site for user authentication
Bogus websites have pixel identical frames
OTP (one time password) using multi-level authentication, was considered by some as too onerous
Don't put the reliance completely on the user
There should be a best practice for all relying parties ie ISP, Email client, browser and device
Where does the liability lie? Consumer or Government?
There are technical solutions
Phishing agents quickly adapt to changes in anti-virus protection
Are there usability guidelines?
What are the user experiences?
How do users alleviate fraudulent use?
Students are seen as arrogant, that they can tell the difference between a fraudulent website and the original.
British Retail Consortium stated that online fraud accounted for 200million in the previous year. Statistics are 2 weeks old.
All losses are eventually passed onto the consumer.
Should usability be sacrificed in order to achieve greater security?
What are we trying to achieve ie drive down fraud or save on costs?
Alpha Projects were suggested post workshop.


Who owns the customer ID? Will customers pay for ID?
Notes: Rob Laurence

Who owns the customer?

In the context of the discussion the customer was described as:
The person whose identity was assured by the IdP to a benchmark level (1,2,3 etc)
A claimant of the RP (eg DWP)
A payee to the RP (eg HMRC)

The customer would be subject to the T&Cs of one or more IdPs and one or more RPs on a one-to-one basis. Within an end-to-end business process (from a customer enquiring about a service from an RP to engaging in that service) the customer would enter or be part of more than one legal relationship, each covered by its own T&Cs. In the context of the IdP/customer and the RP/customer relationships there would need to be a clearly-defined hand-off point between the IdP and the RP (with the hub as the intermediary) that is transparent and understandable to the customer.

The underlying issue behind the question would seem to revolve around the legal positions of the IdP and RP, the liability model and where risk lies. This appeared to workshop attendees to be unclear and certainly untested, with anecdotal comments surrounding the DWP procurement process of concern.


What about data attribute providers? Who owns the data about me? HMG, supplier, employer, but not me at present.

Will customers pay for an identity provider service?

General views expressed:
There will never be a one-size-fits-all service. Age and socio-demographic segmentation of the population will identify different needs across different groupings.
Should customers be forced to pay for an IdP service in the same way as they would have been forced to buy an ID card? View was categorically no: unacceptable/unworkable.
Customer (some) confidence may be higher if they paid for a service.
Would customers see a value and pay for the convenience or control around having a single credential that could be used with many organisations?
The market will find its own level. Different business models will emerge and some will become established (just as with the iPhone and Android App market: free with ads, pay without).
IdP service companies will offer additional services tailored to their market segments.
Some service providers could sell your data and pay you a cut or offer points.
Could employers become IdPs, allowing employees to use their company-issued credentials?

OIX: Services, Focusing on Consumer Value and Control


Notes: Nicky Hickman


Overall

This session of OIX was marked by a shift in emphasis towards services enabled by identity and a focus on consumer value and control.

Services

Sessions on trusted services for social care (Microsoft) and greater consumer Inclusion (CHYP) demonstrated how identity assurance could enable access to financial services for those who have been excluded economically, digitally or through age and/or disability. There was also an increasing emphasis on Relying Parties, and the key enablers required for building a vibrant commercial eco-system around core Identity Assurance services such as credentialing and authentication. Adding new services such as Document Signature is demonstrably easier once the core building blocks of IDA are in place.

Consumer Value and Control

As well as the focus on accessibility (perhaps relevant to the 6th Law of Identity (Human Integration)), there were sessions on consumer relationships with IDPs, AtPs and Relying Parties including new ideas of offering consumers the ability to authenticate suppliers were also discussed. This suggests that there is scope for further balance within the eco-system by increasing the power of the consumer to control services and manage relationships with Vendors or Suppliers by, creating individual trust networks which bind users into groups and define their roles within those groups, as well as their relationships with Relying Parties. Several lovely use cases for these emerging mini-trust-frameworks were supplied by trusted-services in social care, online age verification and the up-coming requirements to support businesses for HMRC Identity Assurance.

Social Care, Trusted Services and Inclusion


Notes: Nicky Hickman

This was a combined session run by Microsoft and CHYP. Both projects are trials or prototypes which aim to use assured identities to enable access to services for excluded groups:


Social Care services from informal sector (family, friends, 4th Sector) focusing on use cases in the Deployment of Assisted Living Services at Scale (DALLAS)
HomePay, a service designed for the financially excluded enabling them to make use of a TV interface in order to manage their money and have access to a wider range of banking and billing services

Both projects had a focus on developing a trust model with levels of delegation of authority to a fluid network of real-world actors outside formal supplier networks. The alignment with CO's trial on Lasting Power of Attorney was noted.

Next Steps
Considering a combined pilot which would enable users to access a range of services (including fun stuff) and include further relying parties
Follow up with connections to other relying parties
Session hosts to send wish-list to OIX
Session hosts to try and provide a demo at next OIX

Age Verification Update


Notes: Emma Lindley

Rachel O'Connell update on cabinet office AV pilot

Work on AV was commissioned 18 months ago
Combating cyber bullying
Highly emotive subject
They are focused on the payment transactions


Very specific issue - can we enable online age verification for digital content
PEGI enforceable across Europe
Low cost age verification solution to address those issues
Practical, usable - what are the integration costs (need to be low)
Brought this into OIX
Access to government attributes??
Lengthy investigations into new data (turned up blanks)
Response from the banks is that the task is too big (databases not in shape to be used)

ALPHA project - Cabinet office met recently Feb 2013 - want to go live with an existing e-tailer
Time bound
If there is a successful outcome

Limited number of participants will be involved
Minors (age restricted to 15) and parental consent

Some debate around what is the purpose: Is it a compliance reason or an enabler

The BRC said they have a number of etailers who are interested in being involved in the pilot
Mix of online and bricks and mortar


BRC said tick boxes are not enough so there needs to be another system
BRC asked the question "is what we trying to do achievable?"

Timescales
No longer than 6 months
September - Definition of solution design
October - look to establish participants
Feb - go live

Retailer, payments company, research agency, trading standards, BDRO are the stakeholders who will be involved.

And from John Harrison: re proof of age. The gist was that with the support of two or three others [notably John Skipper from PA, and Mark King from EADS (I think)] I pointed out that (i) there was a risk in regarding proof-of-age as a standalone application, rather than as just one application of a general purpose infrastructure for attribute exchange; and that (ii) it would be better to recognise the general nature of the problem, and then run two or more pilots of the generic infrastructure, each focused on a different app / target set of customers, e.g. proof of age for minors, and proof of student status / qualifications for students. This suggestion didn't go down too well with Rachel OC; she wants to press ahead regardless, and get a proof-of-age pilot running by Feb next year, using Cabinet Office alpha-funding. I am to resend an email that I wrote to her before the summer, and try to set up a longer discussion.


Government Identity Assurance (idA) programme


Session by: David Rennie
Notetaker: Jeremy Newman

idA at Cabinet Office - led by Government Digital Service; Chaired by Mike Bracken - part of the "Digital by Default" imperative
Cab Office can stop any govt agency spending counter to what it is adopting, so control is there.
Main programme is procurement underway at DWP - EuJ in March
On target to create a market of between 4 and 10 identity services - framework by end of month
18 months lifetime of framework - other departments are expected to use the identity services
Aimed to meet specific needs of Universal Credit
Example is Business Identity - HMRC is likely to be second
Second framework to follow first incorporating lessons learned
Identity services contracts procured by DWP to run for 3 or 4 years
Sessions will be run to resolve differences between schemes and services
Once contracts are in place and identity services are known suppliers to run working groups to explore:
scheme rules - governing interoperability between different parties using a tiered approach - starting at next OIX meeting
branding - relationship between brand and technical architecture
standards and certification


communication
redress process - ombudsman
billing - how will this work?

Plan is to be transparent in how these are run - open to all (governance between idSP and DWP) - but not so as to slow up the process

How does OIX play in this?
a forum/meeting place to bring conversations together
international; wishing to avoid IP barriers; private sector led

Q: Harmonization across the players: how does this work without creating a lot of silos?
A: We have a well-designed technical architecture, but work is required around the commercial model. It has to work for Universal Credits in one year's time.

Q: Why has the Netherlands project taken two years?
A: Chicken-and-egg situation, but now getting on to the right of the "hockey stick". We can't take two years, so we have to work together i.e. credentials have to be in customers' hands before they go to the DWP for Universal Credits. There are several departments who want to follow through.

Q: How are schemes adapted to do different things e.g. supply different attributes?
A: Not sure yet whether there will be variations on a single scheme with different rule sets, or several schemes. E.g. need to enable counter transactions i.e. not just online. Trying to keep "trust frameworks" separate from "schemes" e.g. Visa scheme, different trust frameworks in different countries.

Q: Consumers don't understand levels of assurance - front office process needs to be really simple.
A: Back office process deals with attributes such as how many children, etc. We should be able to commoditize the identity "who you are" part.

Q: Is there going to be a single SAML spec for all idA?
A: Hopefully. Want government to be an intelligent buyer and needs to understand how to tie SAML to different levels of assurance.


On Signing Things Online


Jon Shamah's presentation, "Digitally Signing Forms at IDA Relying Parties", walked through the user and systems workflow. It raised a few questions:

The IDA does not currently support digital signatures for signing on-line forms as part of the core architecture. Are agencies willing to move to on-line signing of forms? Do/will we need digital signatures to do this? Can this form an ROI case to encourage joining IDA?


Wide
Surveying the environment for trends and context.

Jean Russell.

In news, Europe's Digital Agenda Assembly's workshop on data called for standards to promote interop and protect individuals; Kaliya was elected to an NSTIC office; and you still can't see your own pacemaker medical data. In standards, tell your location privacy prefs; new W3C and OpenID working groups; Mozilla Persona's Beta goes live; we show results from the OpenID Connect Interop OC4 tests, and UMA released a new draft.


News
Digital Agenda Assembly's Workshop on Data Calls for Standards
Markus Sabadello, Project Danube

From June 21st to 22nd, the EU's second Digital Agenda Assembly took place in Brussels. The Digital Agenda has a broad scope and is the EU's overall instrument for delivering sustainable economic and social benefits from a digital single market based on Internet and interoperable applications. It is considered one of seven flagship initiatives for the long-term Europe 2020 Strategy. It is headed by the EU Commission's Directorate-General for Information Society and Media (DG CONNECT) and by its Commissioner Neelie Kroes.

The Assembly is the culmination of a permanent process which among other mechanisms features an online engagement platform, where stakeholders can discuss issues and provide feedback. On the first day of the Assembly, eight workshops on various topics ranging from cloud computing to social media were held. On the second day, a plenary session was convened, which presented workshop reports, keynote speeches, panels and awards.


Most of the workshops had a clear focus on economic issues and asked how digital technologies can help create jobs and growth. The workshop on data explored the potential of open data as well as personal data, some of the most promising economic and business aspects involved, and discussed how policy for data and investment can better address the challenges of businesses and the public sector and further support innovative business development. The consensus at this workshop was that for data to unfold its potential, it must be open and based on common standards on the semantic level. One participant went as far as proposing an Open Data Authority at the EU level.

At the plenary session on the second day, one member of PDEC's Startup Circle, Personal, was mentioned: During a keynote speech, Ushahidi Executive Director Juliana Rotich talked about how personal data was everywhere and that it can be used for mining and inference, and for doing good for society. She said that it can create new economic and social opportunities if the data is allowed to flow rather than be locked in, and that regulation must not lose sight of this potential. However, she also pointed out that we live in a time of rising privacy concerns and mentioned Personal, explaining that this company is rethinking the question of ownership of personal data and believes that you own your personal data.

Reports, pictures and recordings of the Assembly, as well as materials from the individual workshops are available online.

Three kinds of big data


Alistair Croll picks enterprise business intelligence, civil engineering, and customer relationship optimization as three major clusters of big data application through 2015. Each has its own data sources, ecosystems, and cultures.
http://strata.oreilly.com/2012/08/three-kinds-of-big-data.html

Politico Pans Do Not Track


Sept 26. "It's an option that doesn't do anything," said former FTC Chief Privacy Officer Marc Groman, now executive director of the Network Advertising Initiative, a trade group.


http://www.politico.com/news/stories/0912/81661.html

Comparing US Democrat and Republican promises of Internet Freedom


But specifics speak louder than generalities. Obviously, everyone is happy to endorse "Internet freedom" in the abstract. But the administration's actions over the last three years suggest that it places a premium on currying favor with Hollywood, just as the Republicans' nominal commitment to Internet freedom takes a back seat to conservatives' opposition to pornography and gambling. Or consider net neutrality, where supporters want to use government power to keep the Internet "free" for users, while opponents want to keep the Internet "free" from the application of such power. Both sides use the same words, but they're not talking about the same things.
http://arstechnica.com/tech-policy/2012/09/for-dems-internet-freedom-means-vigorously-protectingcopyrights/

Why can't pacemaker users read their own medical data?


In this ten-minute TEDx talk, Hugo Campos explains his frustration with the fact that his pacemaker is designed to let his doctor read his biometric status, but to stop the patient from doing the same. As a result, Campos isn't able to use his pacemaker as a diagnostic tool to help make good choices about eating, exercise and other activities. Market opportunity? Regulatory risk? Heartbeat APIs?
http://boingboing.net/2012/09/28/why-cantpacemaker-users-rea.html


Victory! The Kaliya for Mayor stump speech

Kaliya ran and was elected to the Identity Ecosystem Steering Group management council that was created by and for the National Strategy for Trusted Identities in Cyberspace (NSTIC). She ran to be the Consumer Advocate Delegate and did so with her long-time affiliation with PDEC member Planetwork. The strategy coordinates and inspires a new generation of identity services. It is unclear how far the Identity Ecosystem will extend beyond identity login to personal data sharing. It could be quite significant. Here's the text of a stump speech she recorded for her campaign.

Hi, my name is Kaliya. I'm known online as the Identity Woman and I'm running for office. I said I'm running for Mayor but it's a little bit more complicated than that. It's all about Identity. There's a management council for the steering committee for the National Strategy for Trusted Identity and Cyberspace [NSTIC] and they're having a big election on August 15th. The good news is that any of you can sign up and register to vote and I'd like you to sign up and register and vote for me.

Why? Because I think this is an issue that has potential but only if strong citizen voices and strong citizen participation is really driven forward in the process. So, I'll tell you a bit more about this whole thing, NSTIC, this election, my qualifications. But let me get to the point. Please go to kaliyaformayor.org and find out how you can register to vote in this vital important election on August 11th.

So NSTIC in 30 Seconds.


It [NSTIC] was written and released by the White House in April of 2011 and it did an amazing job of painting a comprehensive picture of how identities could work on the internet if there was interoperability across the whole diverse range of systems. It also proposed that there be private sector leadership in making this happen. That being everybody but government, so academic institution, non-profits, citizen advocates, privacy advocates, and just regular people. That's why you guys can sign up and vote. And anyone can join this steering committee and I'd really like you to join and vote for me. So endorse my campaign at kaliyaformayor.org, register, and vote with NSTIC. Vote on August 15th.

So what are my qualifications to be in this management council? First, I have a deep and abiding commitment to user-centricity and a record of accomplishment for building internet skills support for people in our daily experience. You can read all about my work in this field at identitywoman.net. I've been working on this proactively for almost ten years. My blogs have been going since 2005. I founded the Internet Identity Workshop in that same year and we've been going for eight years, really focused on how people can get control of their identities online and the technical tools and standards to do that. This far we're gonna be having our 15th one.

Secondly, my roots are in the not-for-profit sector so I speak their language and hold their values. I've been affiliated with Planetwork since 2002 and their paper, The Augmented Social Network: Building Identity and Trust into the Next Generation Internet. And if you want, you can go and check that out at ASN.planetwork.net to read more about it because it really reflects the kind of identity systems that I think we need to make sure get built.

And thirdly, I'm a woman. I think that how identity is expressed online has a greater impact in women's lives to have more complex representations of self, more different contacts in which they need to present themselves and it's really vital that we make sure that women's voices are on this council. I founded She's Geeky about six years ago, a women's online technology conference. I've presented in women's forums about issues on identity and I'm really passionate about making sure that both women and people from a range of different backgrounds have their voices represented in this development of the identity ecosystem.

So with that, please swing by kaliyaformayor.org and learn all about how to vote for me. Get involved and Go NSTIC! I appreciate your support and I approve this message. Thanks. Bye.


Standards
This issue:
Standards for Web Applications on Mobile: current and roadmap
Document Format for Expressing Location Info Privacy Preferences
Statement affirming "OpenStand" principles
Content Security Policy 1.0 review for Candidate Recommendation
Content Security Policy: Draft User Interface Safety Directives
Sender Policy Framework Authorizing Domains in Email v1
Owner Authorization Grant Type Profile for OAuth 2.0
A problem statement on trust in IETF protocols
W3C Web Crypto WG issues Web Crypto API
Letter on "DNT impasse" to FTC's Leibowitz
Best practices and requirements for delivering Long Tail personalized content delivery over CDN Interconnections
Updated Microdata to RDF Working Draft
W3C launches Private User Agent Community Group
RFC 6721 adds item deletion mechanism to Atom Publishing Protocol
IETF draft "Special-Purpose Address Registries" for IPv4, IPv6
XACML 3.0 60 day review until December 7
New OpenID data federation working group
First Beta Release of Mozilla Persona
OpenID Connect Interop OC4 partial results
W3C Web App Sec WG issues First Public Working Draft of User Interface Safety Directives for Content Security
JSON Predicates Draft 00
UMA Core Protocol Draft 05
RDFa Lite 2 RDF Extractor
Multiplexing Extension for WebSockets
Group addresses allowed in From:, Sender: headers
W3C launches Places Community Group
First Public Working Draft of Push API for Web Apps
HTTP Origin-Bound Authentication (HOBA) draft 02
Draft 06: User Interface Safety Directives for Content Security Policy

Standards for Web Applications on Mobile: current and roadmap


August 2012 Quarterly report summarizes technologies developed in W3C that increase capabilities of Web applications, and their specific application to mobile.
http://tools.ietf.org/id/draft-bonica-special-purpose-02.html

Document Format for Expressing Location Info Privacy Preferences


August 21 2012 Geolocation Policy extends Common Policy authorization framework to provide location-specific access control; defines condition elements to restrict access to data based on the current location; two algorithms for reducing granularity of returned location information.
http://datatracker.ietf.org/doc/draft-ietf-geopriv-policy/

Statement affirming "OpenStand" principles


August 29 2012 IEEE, IAB, IETF, Internet Society, W3C signed Affirmation of the Modern Paradigm for Standards, a jointly developed set of principles establishing a modern paradigm for global, open standards.
http://tools.ietf.org/html/draft-iab-modern-paradigm-01


Content Security Policy 1.0 review for Candidate Recommendation


July 10 2012 Last Call Working Draft for CSP 1.0 spec, a policy language for declaring sets of content restrictions for a web resource and a mechanism for transmitting the policy to clients enforcing it. It has been discussed for 2 years and there are experimental implementations in Firefox and Chrome.
http://www.w3.org/TR/2012/WD-CSP-20120710/

Content Security Policy: Draft User Interface Safety Directives


September 10 2012 The W3C Web Application Security Working Group issued an Editor's Draft of User Interface Safety Directives for Content Security Policy. Changed phrasing to acknowledge server can't control client enforcement and reporting, in response to Fred Andrews. Newer draft 06 issued October 6. Please send comments to publicwebappsec@w3.org
http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html

Sender Policy Framework Authorizing Domains in Email v1


September 7 2012 Draft 07 of anti-spam protocol SPF expires March 11. Final will replace RFC 4408.
https://datatracker.ietf.org/doc/draft-ietf-spfbis-4408bis/

Owner Authorization Grant Type Profile for OAuth 2.0


September 11 2012 Proposes to let resource owners directly authorize a relying party to access resources stored in other resource servers.
https://datatracker.ietf.org/doc/draft-zhou-oauth-owner-auth/


A problem statement on trust in IETF protocols


September 13 2012 "Trust" is used quite broadly in IETF documents but has not been discussed or defined very rigorously. To the extent that it's been discussed explicitly it's typically been within an implementation or protocol definition context, often around the question of trust anchors and their management (see RFCs [RFC5914], [RFC5934], [RFC6024], and many others for examples). In this document we intend to tease out how IETF protocols have tended to approach questions around trust, discuss whether or not this has been sufficient, and see if there is new work on trust that could be of value. We are not specifically interested in defining the word "trust," but rather identifying broader issues and problems related to trust.
https://datatracker.ietf.org/doc/draft-shore-trust-problemstatement/

W3C Web Crypto WG issues Web Crypto API


September 13 2012 Will provide basic tools for a web app to generate keys, manage crypto operations such as signature and ciphering. This specification is open for comments. Harry Halpin suggests 9/24 that W3C Privacy IG review it for privacy concerns such as browser fingerprinting and key import/export, and same-origin policy.
http://www.w3.org/2012/webcrypto/WebCryptoAPI/


Letter on "DNT impasse" to FTC's Leibowitz


September 15 2012 Signers from EFF, Center for Digital Democracy, Consumer Watchdog say: "The W3C's Tracking Protection Working Group appears stalled between two competing proposals, one from industry and the other from privacy advocates. We believe the FTC can help break the impasse between these two proposals."
http://tools.ietf.org/id/draft-bonica-special-purpose-02.html

Best practices and requirements for delivering Long Tail personalized content delivery over CDN Interconnections
September 15 2012 Content Delivery Networks (CDNs) work best for caching popular data. But what do you do in a personal cloud world? This draft proposes methods for quickly delivering personalized content using CDNs.
http://tools.ietf.org/html/draft-krishnan-cdni-long-tail-02

Updated Microdata-to-RDF Working Draft


September 19 2012 Update of March 8 draft http://www.w3.org/TR/2012/NOTE-microdatardf-20120308/. Microdata is a WHATWG HTML specification used to nest semantics within existing content on web pages, an evolution from microformats.
http://www.w3.org/TR/2012/WD-microdata-rdf-20120112/

W3C launches Private User Agent Community Group


September 23 2012 "The Private User Agent Community Group is chartered to improve user privacy and user control by designing the User Agent to minimize fingerprinting and to improve the control the user has over information shared over the Web and to improve the security of the User Agent in these regards. The group seeks to standardize the designs necessary to achieve these goals, to develop extensions designed for privacy to mitigate inevitable losses of functionality, to foster consideration of privacy in the design of other Web standards, and to discuss and develop implementations and test suites. Mechanisms for expressing user privacy preferences to servers and content providers are outside the scope of this group."
http://www.w3.org/community/pua/

RFC 6721 adds item deletion mechanism to Atom Publishing Protocol


September 25 2012 The draft of RFC 6721 is now a Proposed Standard Protocol. Atom (RFC 5023) underlies ActivityStreams and other standards in our scope.
http://www.rfc-editor.org/rfc/rfc6721.txt

IETF draft "Special-Purpose Address Registries" for IPv4, IPv6


September 26 2012 This draft (not yet at RFC stage) instructs IANA to restructure its IPv4 and IPv6 Special-Purpose Address Registries to record all special-purpose address blocks, maintaining a common set of information regarding each address block. When completed the RFC will update RFCs 5736 and 4773 and obsolete RFCs 5735 and 5156.
http://tools.ietf.org/id/draft-bonica-special-purpose-02.html


XACML 3.0 60 day review until December 7


September 26 2012 OASIS eXtensible Access Control Markup Language Technical Committee proposes to advance XACML 3.0 to Candidate Standard. Send feedback until December 7:
https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=xacml

New OpenID data federation working group


27 September 2012 From the charter: The goal of this working group is to document the standards needed to use a triples-based graph network to enable entities to securely exchange data. Gluu's Mike Schwartz, who proposed the project, wrote this could be useful to help both people and organizations share data.
http://ox.gluu.org/doku.php?id=graph:charter

First Beta Release of Mozilla Persona


September 27 2012 For the past year Mozilla has been working on an experimental login system that completely eliminates passwords on websites. Persona is ready to use for authentication: it works in all major smartphone, tablet, and desktop browsers, the user experience has been thoroughly reviewed and polished, we're committed to the core APIs, and its infrastructure is highly available and stable.
http://identity.mozilla.com/post/32395255498/announcing-the-first-beta-release-of-persona


OpenID Connect Interop OC4 partial results


Sept 27 2012 How well do identity systems work across vendor lines? Out of the interop tests, 32 worked, 19 worked with issues, and 15 failed. 30 remain to be tested.

http://osis.idcommons.net/wiki/OC4:Cross_Solution_RP_x_OP_Results

W3C Web App Sec WG issues First Public Working Draft of User Interface Safety Directives for Content Security Policy
28 September 2012 The deadline for comments on this version is October 1.
http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html

JSON Predicates Draft 00


October 1 2012 JSON Predicates is a JSON-based syntax for description and serialization of logical boolean predicates. For example, JSON Predicates can be used to extend a JSON Patch document to provide a broader range of conditional processing options than currently supported.
http://tools.ietf.org/html/draft-snell-json-test-00


UMA Core Protocol Draft 05


October 1 2012 Latest version of the User Managed Access protocol, to be valid until April 13 2013. Diff from version 04:
http://www.ietf.org/rfcdiff?url2=draft-hardjono-oauthumacore-05

RDFa Lite 2 RDF Extractor


October 2 2012 getSchema.org, which already provides an extractor providing a page's Microdata as RDF, is now offering a similar service extracting a page's RDFa Lite semantic annotations as RDF. Another existing service is W3C's RDFa 1.1 Distiller and Parser.
http://getschema.org/rdfaliteextractor/about

Multiplexing Extension for WebSockets


October 2 2012 Alleviates scalability problem of requiring a new transport connection for every WebSocket connection. Now up to draft 7.
http://tools.ietf.org/html/draft-ietf-hybi-websocket-multiplexing-07

Group addresses allowed in From:, Sender: headers


October 3 2012 Relaxes RFC 5322 restriction of single email address in From: and Sender: fields; they will allow lists of addresses as in other header fields. Intended for limited use cases.
https://datatracker.ietf.org/doc/draft-leiba-5322upd-from-group


W3C launches Places Community Group


October 5 2012 Place data has many uses, including augmented reality browsers, gazetteers, location-based social networking games, geocaching, mapping, navigation systems, and many others. In addition, the group will explore how the geospatial industry could best use, influence and contribute to Web standards.
http://www.w3.org/community/places/

First Public Working Draft of Push API for Web Apps


October 5 2012 The W3C Web Apps WG warns this is for review and not yet consensus. Comments requested by October 12. Several Mozilla staff expressed concern about scalability, reliability, and security, citing prior Apple and Google push for mobile systems.
http://dvcs.w3.org/hg/push/raw-file/default/index.html

HTTP Origin-Bound Authentication (HOBA) draft 02


October 5 2012 Signature-based authentication method hoped to be a drop-in replacement for password-based HTTP auth in HTTP 2.0. Has a logout feature. Uses HTML5 local storage. Account creation via client generation of a key pair, sending public key to site to associate with account. User authorizes new device or user agent (e.g. browser) by entering one-time password received on new device immediately into challenge on previously authorized device. Portions of spec still to be written.
https://datatracker.ietf.org/doc/draft-farrell-httpbis-hoba/
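
An added sketch of the flows this item describes (account creation from a client-generated key pair, signed login, and approving a new device with a one-time password), written for Node.js; it is not code from the HOBA draft and does not follow its wire format. The class names, the signed message layout, the use of Ed25519, the lifetimes and the sample origin and account are assumptions.

```javascript
// Added illustration, not the HOBA wire format: signature login with a device-held key pair
// and one-time-password enrollment of a second device. Names and lifetimes are assumptions.
const nodeCrypto = require('crypto');

const CHALLENGE_TTL_MS = 60000; // assumed challenge lifetime
const OTP_TTL_MS = 120000;      // assumed one-time-password lifetime

// Origin, purpose and nonce are signed together, so a signature made for one
// site or one purpose cannot be replayed for another.
function signedBytes(origin, purpose, nonce) {
  return Buffer.from([origin, purpose, nonce].join('\n'), 'utf8');
}

class Device {
  constructor() {
    // The private key stays on the device; only the public key is sent.
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(origin, purpose, nonce) {
    return nodeCrypto.sign(null, signedBytes(origin, purpose, nonce), this.privateKey);
  }
}

class Site {
  constructor(origin) {
    this.origin = origin;
    this.accounts = new Map();   // account id -> Set of public-key PEMs
    this.challenges = new Map(); // nonce -> expiry time (ms)
    this.pending = new Map();    // one-time password -> { pem, expires }
  }
  createAccount(accountId, publicKeyPem) {
    if (this.accounts.has(accountId)) return false; // never overwrite existing keys
    this.accounts.set(accountId, new Set([publicKeyPem]));
    return true;
  }
  issueChallenge(now) {
    const nonce = nodeCrypto.randomBytes(32).toString('hex');
    this.challenges.set(nonce, now + CHALLENGE_TTL_MS);
    return nonce;
  }
  // Consume the challenge (single use), then check the signature against
  // every key registered for the account.
  verify(accountId, purpose, nonce, signature, now) {
    const expires = this.challenges.get(nonce);
    this.challenges.delete(nonce);
    if (expires === undefined || now > expires) return false;
    const keys = this.accounts.get(accountId);
    if (!keys) return false;
    const data = signedBytes(this.origin, purpose, nonce);
    for (const pem of keys) {
      if (nodeCrypto.verify(null, data, pem, signature)) return true;
    }
    return false;
  }
  // New device: submit its public key, receive a one-time password to display.
  beginEnrollment(publicKeyPem, now) {
    const otp = String(nodeCrypto.randomInt(1000000)).padStart(6, '0');
    this.pending.set(otp, { pem: publicKeyPem, expires: now + OTP_TTL_MS });
    return otp;
  }
  // Authorized device: the user types the password and the device signs a
  // challenge whose purpose names it. A failed attempt burns the password.
  approveEnrollment(accountId, otp, nonce, signature, now) {
    const entry = this.pending.get(otp);
    this.pending.delete(otp);
    if (!entry || now > entry.expires) return false;
    if (!this.verify(accountId, 'enroll:' + otp, nonce, signature, now)) return false;
    this.accounts.get(accountId).add(entry.pem);
    return true;
  }
}

// Walk through the flows with constructed values (origin, account, clock).
function demo() {
  const t0 = 1349395200000; // constructed clock value in milliseconds
  const site = new Site('https://site.example');
  const laptop = new Device(), phone = new Device();
  const out = { created: site.createAccount('alice', laptop.publicKeyPem) };
  let n = site.issueChallenge(t0);
  const sig = laptop.sign(site.origin, 'login', n);
  out.login = site.verify('alice', 'login', n, sig, t0 + 1000);
  out.replay = site.verify('alice', 'login', n, sig, t0 + 2000); // nonce already used
  n = site.issueChallenge(t0);
  out.expired = site.verify('alice', 'login', n, laptop.sign(site.origin, 'login', n), t0 + CHALLENGE_TTL_MS + 1);
  n = site.issueChallenge(t0);
  out.otherOrigin = site.verify('alice', 'login', n, laptop.sign('https://other.example', 'login', n), t0);
  n = site.issueChallenge(t0);
  out.unknownDevice = site.verify('alice', 'login', n, phone.sign(site.origin, 'login', n), t0);
  const otp = site.beginEnrollment(phone.publicKeyPem, t0);
  n = site.issueChallenge(t0);
  const approval = laptop.sign(site.origin, 'enroll:' + otp, n);
  out.enrolled = site.approveEnrollment('alice', otp, n, approval, t0 + 5000);
  n = site.issueChallenge(t0);
  out.phoneLogin = site.verify('alice', 'login', n, phone.sign(site.origin, 'login', n), t0);
  return out;
}
```

The site stores only public keys, so a leak of its account table exposes nothing a client could replay as a credential; the checks worth keeping in any variant are the single-use challenge and the origin inside the signed bytes.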


Draft 06: User Interface Safety Directives for Content Security Policy
September 28 2012 The W3C Web Application Security Working Group issued an Editor's Draft of User Interface Safety Directives for Content Security Policy. Please send comments to publicwebappsec@w3.org
http://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html


Startup News
New members
Four new members this month: MyMindshare, KBO, MMINDD, and OwnYourInfo. You can see the complete list in the PDEC directory at the end of the Journal.

MyMindshare. CEO: Jim Bursch. http://mymindshare.com
As a general rule, I hate advertising. In 2004 I realized that the problem with advertising was ad-supported media and I set out to solve the problem of advertising by developing a system that disintermediates advertising and puts advertisers in direct relationship with consumers. MyMindshare does this by combining a bidding and rating system with a surveying and targeting system.

Knowledge Based Opportunities CIC. CEO: John Beer. http://kbocic.co.uk/
As an advisor to the European Commission on ICT matters, there is a requirement to research and develop new technologies for enabling Knowledge Extraction and content monetization platforms. In the UK there is a need to create and encourage sustainable changes to the skills and research landscape in the research and business area of Knowledge Extraction, Information retrieval, Digital Librarianship and Information Science. The Centre for Advanced Knowledge Engineering (CfAKE) / Knowledge Based Opportunities (CIC) Ltd will focus with global universities on creating a global Centre of excellence based in the UK and in turn change the regional aspirations levels, skills and future employment opportunities of students. KBO is a not-for-profit Community Interest Company.

MMINDD. CEO: Estee Solomon Gray. http://mmindd.com
A value proposition hypothesis was born. Tools for multi-minding. Helping people visualize and attend to their intentionally complicated beautiful lives. Learning from the behavior in the wild of generations of women. Responding to almost desperate calls to incorporate mindfulness practices and energy management in workplaces and work/lifestyles before the Millennials do lasting damage to themselves. Nine months of ideation, user exploration, and co-creation later (including multi-day Advances that drew Advance Team members from across the country layering Mmindd onto their day jobs), a vision, a pitch, a core team of 5, and the bones of a creation space are emerging.

OwnYourInfo. Functional Lead: William McCusker. http://ownyourinfo.com
OwnYourInfo is an information storage and sharing application built to make managing private and frequently accessed personal information more efficient and more secure. OwnYourInfo launched on September 12, 2011 after a year and a half of research and development. OwnYourInfo is based in Las Vegas, Nevada.


News from the Startup Circle


Personal.com launches API and developer program
Now that Personal.com has a web platform for securely aggregating, creating and managing more than 5000 fields of semantically mapped personal data, they're opening their data vault to developers. Starting 3 October 2012, developers can build apps using Personal's RESTful APIs to build on their Privacy by Design Platform. It comes with private authentication without third-party tracking, user-permissioned access to unique user data, secure file and data storage, secure file and data sharing/messaging with users or non-users, and contact management with groups.

With more than 150 developers signed up before the announcement, their developer program is off to a healthy start. Early applications include a browser-based password manager, a tailored password generator, a personal finance partner that pipes bank statements into Personal gems, secure messaging with expiration, and a secure notetaking and bookmarking app. Visit http://developer.personal.com to sign up and learn about the Personal Platform $5K Developer Contest.

Kynetx enables thermostat programming via your Google calendar


My goal has been to be able to control the thermostat from a Google calendar. I find scheduling tasks much easier with a calendar interface and Google's is convenient and has an API.
http://www.windley.com/archives/2012/08/controlling_the_thermostat.shtml


PDEC Startups at DataWeek!


by Kaliya "Identity Woman" Hamlin

Virtrue, MMINDD, Personal, and Reputation.com were all on panels at DataWeek in San Francisco as part of their Identity and Personal Data Lab and the Life Data Lab Tracks.

I facilitated a panel at DataWeek titled "How the personal data ecosystem will turn advertising upside down," with:
Adam Spector, CEO of Virtrue, PDEC Startup Circle member
Estee Solomon Gray, CEO of MMINDD, PDEC Startup Circle member
Casey Oppenheim, CEO of Disconnect.me (applying to PDEC)
Daniel Gerber from Swisscom (PDJ Subscriber)

Photo: Estee Solomon Gray and Tarik Kurspahic.

Adam's DataWeek & New Data Sources blog post recaps our panel's three topics: we explained what each company does; our big visions for advertising 5-10 years out; and what's missing, gaps to be developed. Casey, from Disconnect, talked about how they have seen massive uptake in their tracking prevention tools. The simple fact is that people are slowly but surely moving away from free tracking of all of their movements online. This will significantly and directly impact advertisers.

Reputation.com's Noah Lang, director of business development, and Personal's CTO Tarik Kurspahic were on another panel covering the Next Decade of Personal Data Innovation, moderated by Geoff Domoracki. Both Reputation.com and Personal are PDEC Startup Circle Members.


Results of the Singly App Challenge in Windy City

We just got back from a fantastic weekend in Chicago, where we partnered with Braintree to throw a weekend-long App Challenge. As we continue to recover from the 28-hour marathon of hacking and fun, we thought we'd share some thoughts with the world.

Head over to the post How the Windy City won our hearts to check out the list of startups they were keen on. The winner for best use of Singly was Twizzl.io, which turns your social media connections into a competitive sport. Your social media savvy is tested as you predict which of your own friends, favorite celebrities, and preferred brands will rise in online popularity across Facebook and Twitter.

How to have Social Apps via Singly in 5 Min:
Register with Singly to get API keys
Download the Singly Android SDK from Github
Use the Singly API explorer
Use the Singly Android SDK in your app
Post: http://blog.singly.com/2012/09/28/5-minutes-to-social-android-apps-with-singly/


Mydex Challenges Sandy Pentlands Big Data Vision


The highly regarded Sandy Pentland of MIT has an article about big data. It appears to cloak itself in some of the right sentiments, which makes the heart of it all the more spectacularly wrong. He speaks of the sort of Big Data that comes from things like location data off of your cell phone or credit card. It's the little data breadcrumbs you leave behind as you move through the world. Those breadcrumbs tell the story of your life.

MIT's Big Data guy (described, he says, by people like Tim O'Reilly and Forbes as one of the seven most powerful data scientists in the world) is talking about data acquired without my consent in a creepy, coercive way. That's not the basis of a healthy relationship with business or government. In a healthy relationship, I trust other parties and feel safe. With trust and safety I might share more valuable information, the information we really need to clear between us to get stuff done, to do business, use public services, participate in social activity, support NGOs.

He does call for a New Deal on data, and for individuals to be in control. This is the right sentiment, but it's dangerous to just pay lip service then ignore its reality and impact. It has to be real control, meaningful permission, and informed consent when data is shared for a specific purpose. This entails legal protection and contractual rights that can't be ignored, or frittered away in some pact the individual never understood.
http://mydex.org/2012/09/27/personal-data-areas-woolly-thinking-dangerous/

A Personal Cloud Operating System roadmap


Phil Windley outlines a roadmap
http://www.windley.com/archives/2012/07/a_road_map_for_the_personal_cloud_operating_system.shtml

...that followed this white paper from earlier 2012 by Phil and Drummond...
From Personal Computers to Personal Clouds: The Advent of the Cloud OS.


The following represents a roadmap of what needs to be done to get from having a functioning kernel to a real cloud operating system that includes the necessary user-space tools and utilities. Note that the roadmap does not necessarily indicate priority or order. Kernel-Space Enhancements; User-Space Applications and Utilities; and Base Personal Cloud OS Applications.

Azigo launched public beta


14 September 2012

Give your Azigo email address to merchants; Azigo organizes mail from vendors by brand, topic, and visualized Pinterest-style. Azigo is now taking signups. http://azigoinc.com/azigo-launches-beta-september-10-2012/

Mydex comments on UK.gov's Midata


Mydex submitted a briefing note for the UK government Midata initiative. http://mydex.org/wp-content/uploads/2012/09/Making-midata-work-for-you-Mydex.pdf They are encouraging others to respond too.


If, like us, you think midata is a good idea, it's well worth responding to the consultation. There are those, generally companies who make a business of trading in your personal data without you knowing much about it, who are resisting this idea. But their reasons for doing so are less about benefit to the individual and more about a short-sighted view of their own interests.


Actionable
Tools and resources for driving forward.

Check your Big Data Ethics. Put these events on your calendar: London Catalyst Workshops monthly. W3C Federated Social Web Summit and IIW15 in October in San Francisco Bay Area. Identity Next in The Hague, NL, in November. Privacy Engineering Meetups in November, December. PDEC directory of members updated with four new members in time for IIW15.


Book Reviews
Ethics of Big Data: Balancing Risk and Innovation
by Kord Davis with Doug Patterson. ISBN: 9781449311797. September 2012, O'Reilly Media, 82 pages.

I love it when philosophers become management consultants. We get short books like this, with discipline and logical thinking about a complex subject. Fortunately Davis and Patterson make it quick, readable and organized. For example, from the introduction:

For both individuals and organizations, four common elements define what can be considered a framework for big data ethics:
Identity. What is the relationship between our offline identity and our online identity?
Privacy. Who should control access to data?
Ownership. Who owns data, can rights to it be transferred, and what are the obligations of people who generate and use that data?
Reputation. How can we determine what data is trustworthy? Whether about ourselves, others, or anything else, big data exponentially increases the amount of information and ways we can interact with it. This phenomenon increases the complexity of managing how we are perceived and judged.

The horrible thing about this book is it asks you to take responsibility for the consequences of your part in the big data explosion. You and your organization may have to actually respond to big data's forcing function with new policies and behavior.

What Is Big Data Forcing? Society, government, and the legal system have not yet adapted to the coming age of big-data impacts such as transparency, correlation, and aggregation.

So, adapt to these challenges. Now. Davis spends the rest of the book telling how. Their method involves a continuous loop of inquiry, analysis, articulation, and action. It starts by clarifying and articulating your values; then triggering work leading to practices aligned with your values. It's clear Davis writes from experience. He even includes tools like this worksheet, below, for workshopping policy-creation using Value Personas to make these abstractions more human and personal.

Bottom line: Ethics of Big Data should be on your bookshelf along with 2011's Privacy and Big Data. Buy it.

Phil Wolff


Calendar
Where will you be? Send a tip to newsroom@pde.cc.

Personal Data Ecosystem Catalyst Workshop


October 2, 2012 London, UK Working sessions for those building the ecosystem. http://personal-data-workshop.eventbrite.com/

IDESG/NSTIC roundtable in Seattle


Oct 4 http://nstic.blogs.govdelivery.com/2012/09/18/idesg-and-nstic-roundtable-in-seattleoctober-4/

OpenID Connect Work Group Meeting


Oct 22 http://connect-wg-oct-2012.eventbrite.com

Digital Death Day - London


October 6, 2012 http://www.digitaldeathday.com

ID World Congress
October 16-18, 2012 Frankfurt, Germany The place for advanced automatic identification: RFID, biometrics and smart card technologies.
http://www.mesago.de/en/IDW/The_conference/Welcome/index.htm


W3C Federated Social Web Summit


October 22, 2012 Bay Area This is official now; the W3C will be collocating the 3rd Federated Social Web Summit near IIW. The day will have prepared presentations on the progress of these technologies ideas and then feed the results/energy into IIW.

Intelligent Transport Systems World Congress


October 22-, 2012 Wien, Austria "Smarter on the way" is the slogan, and this could be the place to discuss personal data in cars, bikes, afoot and in public transit this fall. http://2012.itsworldcongress.com/

Information Security Solutions Europe


October 23-24, 2012 MCE, Brussels, Belgium http://www.isse.eu.com/

Internet Identity Workshop


October 23-25, 2012 Mountain View, California This is the prime gathering for the user-centric and identity communities. Industry progress happens in this intense but informal setting. www.internetidentityworkshop.com


Personal Data Ecosystem Catalyst Workshop


November 6, 2012 London, UK Working sessions for those building the ecosystem. http://personal-data-workshop.eventbrite.com/

Digital Arabia
November 6-7 Abu Dhabi, UAE Produced by STL-Partners, New Digital Economics, Telco 2.0. There may be a WEF Rethinking Personal Data Tiger Team Day associated with this event. http://www.newdigitaleconomics.com/DigitalArabia_Nov2012/

Jaarcongres ECP 2012


15 November, 2012 Circustheater, Scheveningen, The Hague, NL Given the success of recent years and our ambitions for the future, we are very pleased to announce the Jaarcongres ECP 2012 on 15 November 2012. Mark this date in your calendar now! http://www.jaarcongresecp.nl/

Privacy Engineer Meetup


November 15 San Francisco Bay Area http://www.meetup.com/sfprivacyengineering/

Identity.Next
November 20-21 The Hague, Netherlands http://www.identitynext.eu/


Digital Asia
December 3-5 Singapore Produced by STL-Partners, New Digital Economics, Telco 2.0. There may be a WEF Rethinking Personal Data Tiger Team Day associated with this event. http://www.newdigitaleconomics.com/events/

Personal Data Ecosystem Catalyst Workshop


December 4, 2012 London, UK Working sessions for those building the ecosystem. http://personal-data-workshop.eventbrite.com/

Privacy Engineer Meetup


December 13, 2012 San Francisco Bay Area http://www.meetup.com/sfprivacyengineering/

SXSW
March 2013 Austin, Texas http://sxsw.com/

New Digital Economics Americas


March 19-20, 2013 San Francisco. There may be a WEF Rethinking Personal Data Tiger Team Day associated with this event.


New Digital Economics EMEA


April 23-24, 2013 London There may be a WEF Rethinking Personal Data Tiger Team Day associated with this event.

Internet Identity Workshop


May 7-9, 2013 Tentative Dates Mountain View, California

European Identity & Cloud Conference 2013


May 14-17, 2013 Munich/Germany http://www.id-conf.com/events/eic2013

Gartner Identity and Access Management Summit


11-12 March 2013 London, UK http://www.gartner.com/technology/summits/emea/identity-access/

Semantics and Big Data 10th ESWC 2013
May 26-30, 2013 Montpellier, France
Call for Tutorials
Proposals due: Nov 23, 2012 - 23:59 Hawaii Time
Notification of acceptance: Dec 7, 2012 - 23:59 Hawaii Time
Tutorial Web site due: Dec 17, 2012 - 23:59 Hawaii Time
Camera-ready material due: Apr 29, 2013 - 23:59 Hawaii Time
Tutorial days: May 26 and May 27, 2013


Identity en Access Management 2013


May 28, 2013 Location TBD, NL


PDEC Directory
People and organizations you might want to talk to. All information is public. Send additions and corrections to newsroom@pde.cc.
Azigo. CEO: Paul Trevithick. @azigo. http://azigo.com/
Allfiled. CEO: Piyush Shah. @allfiled. http://www.allfiled.com/
bitWorld. Executive Director: Cameron Hunt. http://www.bitworld.us/
Cloudstore. CEO: Johannes Ernst. @cldstr. http://cldstr.com/
Comradity. CEO: Katherine Warman Kern. @comradity. http://www.comradity.net
Connect.me. Co-Founder: Drummond Reed. @respectconnect. http://www.connect.me
Consumer Data Rights. CEO: Craig Lipman. http://consumermarketingrights.org/
Gluu. CEO: Mike Schwartz. @gluufederation. http://www.gluu.org
Interest Networks. CEO: Barbara Bowen. http://www.interestnetworks.com/
Knowledge Based Opportunities CIC. CEO: John Beer. http://kbocic.co.uk/
Kynetx. CEO: Stephen Fuller. @kynetx. http://www.kynetx.com
LifeDash. President and CEO: Travis Bond. @lifedash. http://www.lifedash.com/
MetaConnectors. Project Leader: Victor Grey. http://metaconnectors.com/
MMINDD Labs. CEO: Estee Solomon Gray. @estee http://mmindd.com
My Info Safe. CEO: Ross Hughson. @myinfosafe. http://www.myinfosafedirect.com/
Mydex. CEO: David Alexander. @mydexCIC. http://mydex.org/
MyMindshare. CEO: Jim Bursch. http://mymindshare.com
OwnYourInfo. Functional Lead: William McCusker. http://ownyourinfo.com
PeerCraft. CEO: Henrick Biering. @peercraft. http://www.peercraft.com/
Personal. CEO: Shane Green. @personal. http://www.personal.com


Personal Info Cloud. Principal: Thomas Vander Wal. @infocloud. http://personalinfocloud.com/
PiB. CEO: John Harrison. http://www.pib-d.net/
Planetwork. Executive Director: Jim Fournier. @planetworkngo. http://www.planetwork.net/
Privo. CEO: Denise Tayloe. http://www.privo.com
Privowny. CEO: Herve Le Jouan. @privowny. http://www.privowny.com/
Project Danube. Project Leader: Markus Sabadello. @privowny. http://www.projectdanube.org
Qiy. CEO: Maarten Louman. @qiytweet. http://www.qiycorporate.nl/en/
Reputation. CEO: Michael Fertik. COO: Owen Tripp. Business Director: Noah Lang. @Reputation_Com. http://www.reputation.com
Singly. CEO: Jason Cavnar. @singlyinc. http://www.singly.com
Switchbook. CEO: Joe Andrieu. @switchbook. http://www.switchbook.com
Synergetics. CEO: Luk Vervenne. http://synergetics.be/
Tangled Web. CEO: Ankit Kapasi. @tangledp2p. http://www.tangledp2p.com
The Customer's Voice. CEO: Iain Henderson. @tcvuk. http://www.thecustomersvoice.com/
Virtrue. CEO: Adam Spector. @virtrue. http://www.virtrue.us/


Aftermatter
Our Masthead
Personal Data Journal
Personal Data Journal is published by PDEC: the Personal Data Ecosystem Consortium, a working group of Identity Commons, a not-for-profit association. PDEC exists to create and support a diverse community of companies, small and large around the world, building a thriving personal data ecosystem. The Journal's purpose is to inform, educate, and connect its readers in support of PDEC's mission.

Personal Data Journal Staff
Publisher: Kaliya Hamlin. Kaliya@pde.cc
Managing Editor: Phil Wolff. Phil@pde.cc
Technology Editor: Markus Sabadello. Markus@pde.cc
Standards Editor: Joseph Boyle. Joseph@pde.cc
Associate Publisher: Patrick Reilly. Patrick@pde.cc
Founding Editor Emeritus: Kelly Mackin. Kelly@pde.cc

Personal Data Ecosystem Consortium Staff
Executive Director: Kaliya Hamlin
Strategy Director: Phil Wolff

Board Members
Aldo Castaneda, Tony Fish, Clay Shirky, Phillip J. Windley, Ph.D.
http://PersonalDataEcosystem.org

Subscriptions:
Phil Wolff: phil@pde.cc PDEC members receive the Journal with membership. Influence your entire firm with enterprise licenses for PDJ, available at http://www.pde.cc/journal. Rates are also available for individuals, academics, and teams. You can subscribe online with a company card, pay by check or by wire.


Editorial Policies
Some things we stand for.
Tell the truth, be useful, make a difference. The path forward means aligning personal, enterprise and public interests. Some complex ideas are worth exploring in depth.

PDJ's License.
Unless otherwise noted, Personal Data Journal is copyright Personal Data Ecosystem Consortium, an Identity Commons organization. All rights reserved (please ask first for CC-BY permissions). Some logos, art and names may be marks of other organizations. Some works will be used by permission and will be noted as such.

Corrections.
We welcome complaints and suggestions. We will publish corrections promptly and at least as prominently as our errors. Send notices to editor@personaldataecosystem.org.

Conflicts of Interest.
We will disclose personal and institutional conflicts of interest including affiliations and memberships.

Opinions.
Authors are responsible for opinions. The Journal, PDEC and its members aren't.
