Acerca del autor

RICHARD HUNTER is Vice President, Security Research, GartnerG2, the strategic business growth division of Gartner, Inc., the world's largest technology research firm. Hunter is internationally renowned for his expertise in technology and security, cybercrime, information management, and privacy. He was formerly Vice President and Director of Research for Applications Development at Gartner. Hunter earned a bachelor's degree from Harvard University with a concentration in music and is also a world-class harmonica virtuoso. He works in Gartner's headquarters in Stamford, Connecticut, and lives nearby.

De la contraportada

WORLD Without SECRETS

Unique, international personal identifiers . . . near- instantaneous data mining . . . biometric face printing . . . intelligent embedded devices everywhere that record, interpret, and transmit virtually everything you say and do. It's not science fiction. Much of this technology is already in place and the rest is on the way. By the end of the current decade we will inhabit a man-made environment of ubiquitous computing in which everything is recorded and nothing is forgotten.

World Without Secrets explores the realities and implications of a world in which anyone who wants badly enough to know anything about you, your business, or anything else will be able to get that information. It examines the information-gathering technologies that are and will be deployed-on our streets, in our offices and public buildings, even in our homes and cars-and explains their benefits as well as potential serious abuses.

This bone-chilling exposé investigates the likely impact of ubiquitous computing on every aspect of our business, personal, political, and cultural lives. Will we be safer and our property more secure? When everything is known, how will we decide what's most important to know? Will there be any way to keep confidential information confidential? How will business protect intellectual capital?

World Without Secrets also takes you into the "shadow world" of state and private-sector criminals whose livelihood is based on illicit use of growing mountains of information. It offers strategies for surviving and succeeding in a world that is rife with opportunity but dangerous for the wary and unwary alike. And it suggests policy options that can protect individuals and organizations from exploitation and safeguard the implicit contract between employees, businesses, and society itself.

Peppered with uncommonly sharp insights into the way we understand information, conduct business, and try to control our surroundings, World Without Secrets breaks new ground in describing the impact of new technologies on the way we live and work. This comprehensive guide to the immediate future is compelling and necessary reading for anyone who wants to prepare personally and professionally for the enormous changes soon to come.

For more information, please visit www.worldwithoutsecrets.com

De la solapa interior

WORLD Without SECRETS

Unique, international personal identifiers . . . near- instantaneous data mining . . . biometric face printing . . . intelligent embedded devices everywhere that record, interpret, and transmit virtually everything you say and do. It's not science fiction. Much of this technology is already in place and the rest is on the way. By the end of the current decade we will inhabit a man-made environment of ubiquitous computing in which everything is recorded and nothing is forgotten.

World Without Secrets explores the realities and implications of a world in which anyone who wants badly enough to know anything about you, your business, or anything else will be able to get that information. It examines the information-gathering technologies that are and will be deployed-on our streets, in our offices and public buildings, even in our homes and cars-and explains their benefits as well as potential serious abuses.

This bone-chilling exposé investigates the likely impact of ubiquitous computing on every aspect of our business, personal, political, and cultural lives. Will we be safer and our property more secure? When everything is known, how will we decide what's most important to know? Will there be any way to keep confidential information confidential? How will business protect intellectual capital?

World Without Secrets also takes you into the shadow world of state and private-sector criminals whose livelihood is based on illicit use of growing mountains of information. It offers strategies for surviving and succeeding in a world that is rife with opportunity but dangerous for the wary and unwary alike. And it suggests policy options that can protect individuals and organizations from exploitation and safeguard the implicit contract between employees, businesses, and society itself.

Peppered with uncommonly sharp insights into the way we understand information, conduct business, and try to control our surroundings, World Without Secrets breaks new ground in describing the impact of new technologies on the way we live and work. This comprehensive guide to the immediate future is compelling and necessary reading for anyone who wants to prepare personally and professionally for the enormous changes soon to come.

For more information, please visit www.worldwithoutsecrets.com

Fragmento. © Reproducción autorizada. Todos los derechos reservados.

World Without Secrets

John Wiley & Sons

Chapter One

When you read a description of a book online at Amazon.com, Amazon helpfully informs you that many people who bought that book bought certain others, too. This little trick is a simple example of how a rapid, large-scale quantitative analysis of facts like names and numbers can tell us a lot about what people do and how they behave.

Given the state of the art in data mining, there are a few different ways that Amazon might handle the task. However the process unfolds, it must begin with a concise fact: a unique identifier, which Amazon can supply, for the book you're reading about at Amazon's site. The hard way-in terms of computer resource consumption, meaning time and money-is to use that identifier to search Amazon's entire purchase database, right then and there, and find all the customers who bought that book. Amazon sold $2.5 billion worth of books in 2000. Even with powerful computers and the identifier in hand, it will take a while to find them all (probably more than most customers care to wait online). Assuming the look-up is done, Amazon can then look up all the other books those customers bought, sort and rank them by various factors (such as total purchases across all customers for each book), and present a short list of candidates for your review (and ideally-from their point of view-your purchase). To make it all really slick, Amazon might eliminate titles it knows you have already bought from Amazon. That's something they apparently don't do now, at least if my experience is any proof.

There's a less time- and computer resource-consuming, more likely approach. Amazon could do a full-scale read-through of their transaction database nightly, weekly, monthly, or however often they like. They would see what was purchased and do the same look-up described of all the other products those people bought as well. They would use that information to build a database of books-affiliated-by-purchase that they could reference quickly whenever a new purchase is made. That approach would save them the trouble of building such a database on the fly whenever a customer looks at a book description. It would explain why they don't pick up on the fact that you have already bought one or more of the books on their list. And it could be made to work, for every online customer, in less time than it took to read this paragraph.

Anyone who has shopped at Amazon probably remembers being surprised the first time Amazon presented such a list. The thing that surprises many people is that the list Amazon shows them is often immediately credible, because it includes books that they've already read and enjoyed.

How does Amazon know so much about you? You never told them what you liked.

You didn't have to. They knew it almost as soon as you selected your purchases, even before you gave them your money.

The Power of Names and Numbers

Facts like names and numbers are precise, quantitative, and unequivocal. They're about what people and machines do, not what people think. Customer (John Smith) bought product (X) in quantity (Q) at price (P) from vendor (V) using channel (C) at time (T) in location (latitude, longitude) with credit card number (NNNN). The purchase is compact and meaningful. We don't have to know why it happened to predict with some accuracy when and under what circumstances it will happen again.

What people do often says more about who they are and what they think than what they think they think, and what people say they think doesn't necessarily tell you what they'll do next. Lots of people who say they care about privacy hand out detailed personal information to anyone who offers them a piece of free software, for example. Even before they've seen the software, even before they know (or think to ask) the uses to which the information will be put, they've shared their personal data.

Amazon isn't telling you what other buyers think about the books Amazon is recommending. Reviews are available, if you want them, but that's not how Amazon came up with the recommendations. It's not about what people liked. Amazon is telling you what other people bought. That information is easy to collect because it's an intrinsic part of every purchase transaction, and it's easy to analyze compared to any ratings that a diverse set of customers might apply to a book that they've all read. (Every customer has his or her own rating system, and Amazon doesn't know what it is. But a purchase is a purchase is a purchase.)

If given a wider universe of data to work with, Amazon might also find that people who bought certain books tended to rent certain videos, or drink certain coffees, or travel more frequently than others to particular locations. Knowing those preferences could open up entirely new avenues for Amazon's recommendations. Can I add a double latte with cinnamon to your order? Would you like to drink it in Rio de Janeiro? Wearing a scarf in a certain shade of red? It's neither possible nor necessary to predict all the associations that might turn up. The power of large-scale analysis of simple facts is precisely that it reveals such patterns. The technology that makes the analysis possible, data mining, is available now in a very robust form, and it's getting stronger.

Amazon doesn't have an infinite universe of data. It has the stuff it can generate from its own sales, plus whatever else it can buy or rent from third parties. (If Amazon were less ethical, we could add: plus whatever it could steal from third parties to that list.) Amazon doesn't have everything.

But the universe gets bigger all the time.

What Does It Take to Create a Universe?

Databases essentially consist of attributes-pieces of data-and relationships-the rules that describe how the attributes relate to each other. A key is an attribute that uniquely identifies an instance of a certain set of related attributes. A good key is unique, and the data that depend on a good key depend on all of it, not just a part of it. (I'm trying to make this simple, and it'll end soon, I promise.)

Your name is a good attribute for referring to you in a message, but it's a poor key for correlating information about you-your address, weight, height, and spending habits-because any number of other people might also have your name. Your address is a good key for referring to a location, so long as the whole key-street address, city, state, and country-is present. Drop the state and country and there's room for confusion. (If you live in greater Boston, Massachusetts, where there are five streets named "Arlington," you need a zip code too.)

Here's the most important thing. Databases can be linked, or related, when a key value is common to both structures. It doesn't really matter whether information is stored in separate physical databases. All that matters is the keys. If the same keys are present in two different databases, any information in one can be correlated to any information in the other, as if they were a single database, at least in a logical sense.

It's pretty easy from here on out. If you want to pull a universe of data together, the first thing you need is a really good key that ties the data to something in particular. That something is usually a person, but the person's name alone is not good enough. You need something unique, something that's usable in lots of different places-ideally, something that's already used in lots of places. In this age of global business, you also need something that's unique worldwide.

Crossing Over

Database designers talk about logical databases-databases that exist in an ideal sense, unfettered by the considerations of available technology, and constrained in structure only by the nature of the information itself-and physical databases-logical designs that are restructured and constrained by the needs of particular applications and the technology they use. A logical database is like an artist's drawing of a piece of architecture. A physical database is like the building people live in after all the construction is done.

In a logical sense, the ideal identifier is an arbitrary number that's big enough to include a unique value for everyone who might need to be identified. In the physical world, the closest thing anyone has to a worldwide key for lots of data that matter-concise, factual data that link people to their purchases-is a credit card number.

Visa has issued more than one billion of its various credit and debit cards worldwide. Visa has 60 percent of the worldwide market, so we can figure that another 700 million or so credit cards from other vendors are also out there. Visa says that its cards "are accepted at more than 21 million locations in 300 countries and territories, making Visa the closest thing there is to a universal currency." Every transaction done anywhere in the world using a given credit card can be positively correlated to every other transaction made with the same credit card.

The purchase data don't tell me everything about you, but they give me a good start. I know where you've gone and when you were there. I know where you shopped and how you "paid" for your purchases. Do I need to know much more about you? If I do, I can always ask the people who work at the place where you shopped. If necessary, I can pay them (or coerce them) to tell me. If utterly necessary, I can buy the company they work for.

Arguably, an even better key than a credit card number, assuming that you have the technology to process it efficiently in all the situations where it might be needed, is something that's both unique and intrinsic to your person, like a digitized replica of your face, your voice, or your DNA. In Chapter Two, "Streets Without Secrets," I discuss the potential for widespread use of biometrics like facial scans as keys to a universe of personal information.

But facial scans aren't essential; they are merely useful, convenient, and likely to be deployed in many situations. To anyone who's willing to pay the going price or has a list that can be swapped, credit card numbers give access to a wide range of very useful and highly predictive information about card owners' behavior and habits. We resist a single identifier when it might be in the hands of a government, but we welcome it when we can use the same credit card in Jakarta, Denver, and Bonn without any more effort than it takes to present it.

The demand for common identifiers to support secure global commerce is accomplishing what no government could: the worldwide implementation of what is effectively a unique international personal identifier.

More Data, More Power, Few Controls

A worldwide identifier enables a wider universe of data, a market where businesses can buy, sell, and combine information about individuals, subject only to what they can afford (information is precious), what is legal in the nation(s) in which they do business, and what they believe the public will tolerate.

As an example of U.S. businesses' freedom to manage and trade information as they see fit, let's look again at Amazon.com. In September 2000, Amazon informed its entire customer base that, contrary to a previously announced policy, Amazon would begin sharing information about its customers with selected third parties. Customers could choose to end their relationship with Amazon, but customer data already gathered by Amazon would be subject to any uses that Amazon deemed appropriate. Amazon described one of those potential uses as follows:

Business Transfers: As we continue to develop our business, we might sell or buy stores or assets. In such transactions, customer information generally is one of the transferred business assets. Also, in the unlikely event that Amazon. com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.

This passage apparently contradicted Amazon's statement, earlier in the Notice, that "Information about our customers is an important part of our business, and we are not in the business of selling it to others." In other words, Amazon reserved the right to change its mind, anytime, about how it uses customers' information. (The statement to customers was issued on the occasion of such a change.) Nothing in current U.S. law or regulatory policy prevents Amazon from doing so.

In the European Union (EU), where laws demand customers' approval of the uses to which their data are put, Amazon might not have been able to change its policy so easily. Criminal, as well as civil, penalties apply, in the EU, to companies that permit sensitive information (like an identifier or a credit card number) to be used in ways that aren't specifically authorized by the original owner of the information-the person the information describes. But there's little evidence that the United States will follow Europe's lead soon. And in a global economy, where a company taking an order via a phone or the Internet might be located almost anywhere, information can easily migrate to a place where restrictions are even less stringent than those imposed by public opinion in the United States.

I interviewed Victor A. Kovner, a First Amendment authority and former Corporation Counsel of the City of New York, in October 2001, and I mentioned Amazon's policy change to him. "That's why I don't buy on the Internet," he said drily, and I laughed. But Kovner missed the point. It's not about the Internet, and it's not about Amazon. It's about anyone who uses a credit card, and it's about any company that accepts one. Amazon didn't do anything that any other company couldn't do. Data arrived via the Internet, but had they come over the phone or in the mail, it wouldn't have made any difference.

Unstoppable Momentum

In the aggregate, the amount of electronically stored data about individual behavior is massive, detailed, and growing. It includes what we buy, where we buy it, where we go to eat and to entertain or educate ourselves, the people we call on the telephone and how long we talk to them, the correspondence we receive and send via e-mail, the names of businesses and individuals we correspond with, the content of the correspondence, the addresses of Web pages we visit, and the amount of time we spend at each address.

The stored data will continue to grow. Intelligent devices and electronic communications provide too much apparent value for most people to ignore. We want to be as productive and comfortable as our machines can possibly make us, and no one wants to be left behind or left out.

Continues...

Excerpted from World Without Secretsby Richard Hunter Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.