As social networking identities are increasingly used as a gateway to web services, they are beginning to resemble a kind of one-size-fits-all data ‘passport,’ but with the monopolies held on internet services by companies like Facebook, Google and Twitter, users could be widely handing over the ownership of their data whether they realize it or not.
A kind of online ‘passport’ is most likely to take shape as a commercial entity, offering certain benefits to users that they would not otherwise have access to. But by using these IDs, consent is given on the terms of the company that issues them.
By using a free service, data becomes the currency with which a user pays for a service, and the perception is that the broader the scope of collecting that data, the better for the provider. A unified profile that acts as your passport to certain services would necessarily build a treasure trove of information about you as an individual, gold dust to businesses that depend on harvesting data.
Although Facebook Connect and Google logins have been well established around the web for a number of years, it is quite possible, according to forward-looking research such as Trend Micro’s 2020 report, that these will be expanded away from just the computer or smartphone and into more areas of our lives. Possibilities include wearable technology and even gaining access to features in our vehicles. Mark O’Neill, VP of Innovation at Axway, says social logins are an emerging trend in the connected car, for example. Same profiles, new applications.
“You consistently see social networking identities being used as passports way beyond the social network which they were originally designed to facilitate access to,” Trend Micro’s Rik Ferguson, vice president for security research, tells Forbes.
“You see Twitter buttons and Facebook ‘like’ buttons on pretty much every page, and when logged into your Facebook profile, a whole load of information is going back through that identity about your web usage habits and creating this already more tailored experience,” Ferguson says.
As a commercial option, Ferguson thinks a catch-all online identity could really take root in the next two years.
Call it skeptical, wary, or paranoid: among tech-savvy individuals, there will be no shortage of concerns about handing over even more of our data to this or that monopolist. If the concept becomes even more widespread, as Ferguson expects it to, putting this much information under one roof practically invites theft.
“We’ve seen plenty of attempts throughout history where technological innovations have been marketed by huge companies and have not been adopted by consumers and have since failed,” Ferguson says. “Consumer adoption is still key to success.
“But,” he continues, “it will also develop in the ways that commercial companies want it to. Anything that is making money for a commercial organisation will be pursued, as long as it’s legal. The volume of data is no longer scary to those people who have that interest,” Ferguson says, but he insists that any implementation of the internet must make provisions for a level of anonymity. “Or what we’re going to end up doing is giving criminals new ways to hide, and creating vast volumes of data about the innocent.”
The earliest of the Snowden leaks shed some light on how state agencies do not need to actually build all of the infrastructure themselves to spy on us. Private industry collects data first, government becomes interested second.
Nick Pickles, director at privacy campaigning group Big Brother Watch, says ubiquitous online identities certainly offer convenience, but users should not let this turn them apathetic.
“If done properly it should enhance people’s privacy by allowing them to control what identity information they are disclosing, and to whom,” Pickles says. But “one of the fundamental challenges is to prevent this becoming yet another way to track our activity online.”
“If companies like Google and Facebook are going to offer such products, it isn’t hard to see how they could become another avenue for those businesses to monitor what we are doing, far away from their own services,” Pickles warns.
Rafael Laguna, CEO of German open source company Open-Xchange, claims using social networks as a means of identity can grant a certain level of access to those issuing the IDs that may not be immediately apparent.
“Those services might be forced to collaborate because of the market power of Facebook or Google, who can then share what I’m doing on another service,” Laguna says. “But we are already followed around the web by cookies and similar technologies.
Comparing the NSA revelations to his native East Germany, where the secret police of the Stasi indiscriminately amassed as much data as they could, Laguna says spying is even easier now. “Governments have it much simpler because they have these central points they need access to, and then they get to everyone anyway,” Laguna says. Wider implementations of online identities with no transparency or consumer control would place even more data in these central points.
An identity permit, according to Laguna, would need to be federated and distributed to be really trusted. In his opinion, principles that began in the open source movement must now be extended to the cloud: services provided by Facebook or Google are not only closed, but not even installable on a machine – meaning you need to use the service to get to your data. “The provider now owns the data or sometimes even claims ownership,” he says.
“To cut a long story short, take the ideas of what started with open source into the cloud age,” Laguna says, “and make sure we create honest cloud services. That’s a way to regain control over data, because we’ve lost it already.”