Google's Oil Spill

Google's Macondo Street View team cannot seem to get the right combination of top kill or cap to fit on its MAC spillage. Your MAC is not like a house number (which everyone knows and are used for many purposes), MAC address is scoped to one use. There's no harm in collecting MACs, the hell you say, there's a number of evil emergent cocktails that can come out of this. Its not so much the MAC itself, its the association of the MAC and the gelocation and time - combining something unique like MAC with geolocation.

This looked like a rogue team (or as Google put it last week a "rogue software engineer") until this shocking announcement that Google is patenting (emphasis added) - "The invention pertains to location approximation of devices, e.g., wireless access points and client devices in a wireless network."

It seems pretty obvious that any number of permutations of problems  will result by combining private client data and geolocation. Maybe Google books should scan a copy of J.C. Cannon's book "Privacy: What Developers and IT Professionals Should Know" and Stefan Brands Primer on User Identification.  In both works you see the risks of promiscuously mixing identification cocktails and the unexpected leakages that result. In addition, what does benefit to the user who is being spied upon does all this spying create?

Increasingly, we are faced with questions like - do I want to turn my whole life over to Apple and their shiny happy Disneyland experience and be utterly locked in down to the hardware/data level; or Google who will spy on me with the NSA and then sell me ads? These choices are like being asked which Menendez brother do I prefer.

That was fast

...the digital natives may be getting some better tooling faster than I thought. I am sure you already know there is a northern alliance and Redmond is U-Prove enabled. I fondly remember a lengthy conversation I had with Stefan Brands in Croatia several years ago, while he patiently explained to me how misguided the security-privacy collision course way of thinking is, and instead how real security is only achieved with privacy. If you have not already, I recommend you read Stefans' primer on user identification.

Here is hoping that the combination of Stefan's breakthrough innovation and some Redmond engineering talent equals a third security mechanism that we can all use (we already have the reference monitor (sort of) and crypto (ibid) a third mechanism wouldn't hurt). As iang points out its all about minimal disclosure. I guess what I see as the potential breakthrough is the mixture of the composeable CBAC packaging framework with a set of algorithms that avoid the panopticon. An obvious worst case for SOA, Web services security is that instead of optimizing and creating interop for increased (read message level) security, we instead optimize a panopticon! Instead we want to keep the interop but not enable the linkage which is the precise problem that Stefan's work addresses.