It’s somewhat old news, but still interesting: Microsoft’s acquisition a few months ago of Credentica, a start-up with an encryption-and-authentication system that “allows users to disclose the absolute minimum to complete digital transactions — and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.”
One of the most interesting issues in privacy to me is the gap between those who live and breathe privacy and security day to day and those who don’t. Having gone from the latter group to the former only recently, I know how wide that gap is. Those who care about privacy discuss and analyze various solutions with passion and intensity, while people like my sister dispose of broken laptops by placing them in NYC trashcans. (True story—the laptop was mine, and she was sincerely puzzled when I threw a fit.) All the news coverage of data leaks has led many people to have a vague sense of dread about their privacy rights, but understand nothing more. So even if interesting solutions are proposed for protecting personal information, the question of who will care enough to adopt them is as important as whether the proposals actually work.
It seems this issue played out in the development of the U Prove technology, which had been proposed before. It just wasn’t very marketable when it was pitched to individual consumers. One thing Stefan Brands and Credentica did differently was marketing it to software developers. That strategy seems to have proven successful, given that Microsoft has now bought the company.
But will Microsoft’s investment in Credentica pay off with users who have only vague concerns about their privacy? (I love the way the Wired article says, “Brands and Thompson tend to refer to the math behind U-Prove as ‘magic’ rather than going too deep into the details.”) Will Microsoft be able to overcome its image as a big bad company and persuade consumers they are really invested in protecting privacy? It’s a difficult problem. Privacy concerns need to be addressed now, before the public cares enough to demand it, but solutions proposed by major companies may not satisfy uneasy consumers.
I’m biased, of course, because we at the Common Datatrust Foundation are working on a different model, that privacy and security should be entrusted to a trusted third-party that would administer and monitor exchanges of information between individuals, institutions, agencies, and businesses. But I’d be happy to see progress by Microsoft or any other company or organization in proposing privacy and security systems that truly returns control over personal information back to individuals without requiring everyone to understand all this privacy stuff.
I’m curious to know what others think. If we believe the privacy of even those who don’t care should be protected, where should the push for change come from?