My digital footprint personal data tradeoff report

Illustration for Analytic Hierarchy Process ar...

Image via Wikipedia

In an earlier post, I mentioned about the Digital footprint summit  for which I am working with Tony Fish

Here is another element we are considering as part of this event. For the lack of a better word, I will call it: My digital footprint personal data tradeoff report

The crux of the issue with My Digital Footprint is the propensity of customers to trade data for services

So, the question is: Could we predict the tradeoff between what elements of customer data would we share and for what services?

This is more than a survey and possibly involves techniques like the Analytic Hierarchy Process AHP  and pairwise comparisons

I seek comments on this if you are interested to know more





Enhanced by Zemanta

The Telco/Mobile Operator Cloud – what are the unique aspects for Operators?

I have been asked this a few times .. and its a changing goal post ..
Time to do a quick recap of my views

Qs is: What are the unique differentiators/ advantages for the Telecom Operator for the Cloud?

Here is a brief summary

The Cloud
- The Cloud can be seen to be ‘on demand/metered’ access to HW, SW and services. Hence, its all about business models

- Cloud converts CAPEX to OPEX. The ideas are not new but the technology is here which makes the business model feasible. There are many advantages – ex scaling, outsourced sysadmin etc

- Amazon S3 and EC2 clouds provide access to computing resources – ex disk storage, CPU etc and are one of the best example of Cloud services

- The problems with Cloud are the same as that of any ‘outsourcing’ –security, privacy etc etc

What can ‘telecoms’ do for the Cloud?
- In a word of ‘on demand’ services – the question arises – which services can telecoms uniquely provide(typically then Operator) – which others like amazon cannot

- Convergence is one i.e. you are with one provider and that provider manages your mobility ‘seamlessly’ at home and outside and also stores all your data

- This model has some limited success(typically in fixed to mobile convergence for homes) and in enterprises but has not really taken off

- ‘Bandwidth’ is another service that can be provided by the Operator ‘on demand’

- Ericsson is widely reputed to be speaking of 50 billion connected devices by 2020. The management of these devices could be an important part of the Mobile cloud

- Similarly, management of sensors in venues such as cafes could also be ‘outsourced’ and managed by the Operator

- The Operator could also sell QOS(Quality of service) but end to end QOS is hard to sell and gurantee for Operators

- There is now a clear trend to store music in the cloud (maybe followed by other content) ex from Apple to be announced next week

- Security, Privacy and Identity will always the the forte for the Operator

Managing the Cloud ecosystem end to end for the Telecom operator
- One of the unique challenges which Operators face, especially in the West, is that Operators do not control the device.
- This has relevance in the cloud context since many of the benefits (ex security, guaranteed QOS etc) cannot be provided unless the Operator also has a ‘footprint’ on the client(device)

- This can be achieved in at least three ways: A SIM card (which is controlled by the operator), an operator managed ‘on device portal’ or devices like femtocells

considering the view that the Operator Cloud advantages can only be deployed if they have some footprint on the device, then there are three possible options

a) Security, privacy, Identity – you do not have to necessarily go via the Operator route for these, but the Operator has a long history in this space and also the motivation. I am moderating some webinars (free) at the Sim alliance on this topic and I will summarise these ideas more

b) Sensors and other devices – these are ‘greenfield’ and in some cases, the security, privacy and Identity arguments also

c) There is also a wider aspect of ‘Voice and the Cloud’ which Martin Geddes and Dean Bubley are speaking of and that is also a differentiator for the Operator

That’s my thinking so far ..

comments welcome

M2M LTE and the next generation SIM applications – my talk at the LTE world summit in Amsterdam

M2M LTE and the next generation SIM applications – my talk at the LTE world summit in Amsterdam

Machine to Machine (M2M) refers to the idea of devices that transmit and receive data over a network, typically
from remote locations. Application domains include healthcare, energy networks etc

- O2 + Smart metering company G4S – deploys a remote management system including around 200,000 SIM cards,
to connect smart meters across the UK to G4S’ data centre.

- Telstra introduced a web-based self-service platform, allowing organisations to manage M2M products

- Operators like M2M because predictable billing , more connections etc

Currently 5 billion users worldwide connected to mobile networks and Ericsson estimates there will be 50 billion connected
devices by 2020. These devices need certification, authentication, registration and management(ex SW upgrades) + QOS


Machine to machine is two (intelligent) machines communicating with each other

Internet of things is about interacting objects(active or passive) – ex includes RFID

M2M is a subset of IOT

many factors driving IOT

[email protected]: Google I/O last week – An IOT – home gateway used by Lighting Science to connect an Android tablet to mesh-networked LEDs. Pitched towards inexpensive hardware for mesh networking.
• Networked LEDs and devices over WiFi
• A Tungsten music player reacting controlled via NFC. Once the CD touched the player, it automatically started playing the album.
• Microsoft – Smart Home, Kinect , IBM, Cisco and HP all have sensor development and service platforms
• Homeplug,
• Smart objects,
• Ipv6
• NFC for interactions vs. NFC for transactions.
• Tap and know’ vs. ‘Tap to pay’ – NFC can extend itself to signage, posters, billboards and other merchandising and
advertising mediums, Compare prices, read reviews, receive a coupon – replaces bardcode scanning (but less clunkier) –
(image GigaOm)

• NFC is now being built into many devices – especially Android, Samsung, Blackberry and Apple

• 150,000 retailers in the U.S. with readers that accept NFC transactions but mass market penetration 3 to 5 years away

• Interactions may come before transactions .. (easier problem to solve)

• Visa is launching a system that includes
: an e-commerce offering,
an m-commerce offering and
an offline piece for point-of-sale transactions.

• Disruptive because – it is a platform (includes other providers, allows customers to choose cards, allows promotions
and couponing)

• Visa recently announced a strategic investment in Square
• PayPal is expanding its online efforts and going more mobile, Amazon is reportedly considering its own NFC
• Apple is also reportedly looking at NFC AT&T, Verizon and T-Mobile’s Isis
• Facebook credits
• LTE is all about high performance, low latency and low cost.
• But selling advantages of a network has not been easy for Operators since customers do not understand networks,
they understand services.
• While Operators have been good at selling simple, mass market services globally; how they can do this in the
LTE world remains a challenge.
• In the LTE world, the SIM plays a mandatory role as specified by 3GPP
• But the SIM is also evolving and could play a role as an enabler of services and in management of services
• Which services? Services based on the SIM for LTE and M2M may be based on mass market elements like
Security, Mobility and Identity

- Identity takes on more significance. Recently, the NSTIC (National Strategy for Trusted Identities in Cyberspace)
US govt – officially unveiled its plans for a national secure internet ID program.

- This initiative will be voluntary and largely driven by various private sector companies, who will be responsible for verifying your ID

- It provides you with secure credentials that you’ll be able to use across the internet
– the credentials themselves could simply be a secure application, or something like smart card or SecurID token.

Outsourced management services of devices(la IBM, Accenture) – ex privacy and security is a good initial model

Objects as a service. Cloud (on demand SW and HW) and m2m
– not buy but rent
Security and privacy issues are drivers(not just enterprises but cafes!)

We are seeing the development of open platforms and that’s good development for the ecosystem(Visa and Sim

To conclude:

- Telecoms not the only way for M2M/IOT.
- Means learning to play in a broader ecosystem vs. controlling it. We are seeing the rise of Open platforms (Visa, Sim alliance etc)
- Interactions vs. transactions. Interactions may come first
- Mobile Broadband is a good analogy. But in niches (health, smart grid). Operators are good at managing access networks
- Portion of revenue within ecosystem is a good pie …ARPU valuations may have to change(machines are not people).
Operators can reuse existing assets leverage network
- Outsourced management services of devices (la IBM, Accenture) driven by privacy and security is a good initial model
(not just enterprises but cafes)

PS: I am a part of webinars at the Sim alliance covering various aspects of M2M, SIM, NFC and APIs

Image sources:


NSTIC’s Effect on Privacy Tomorrow – Analysis white paper from Identity Finder

The Department of Commerce released the final draft of the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Strategy for Trusted Identities in Cyberspace last week

Attached is a white paper from Identity Finder, LLC that examines possible impacts of the (NSTIC) on Privacy.

Identity Finder has found that to successfully implement its visions of privacy, security, and secure identities, NSTIC must call for Federal regulation that will:

· Hold all Identity Ecosystem Participants to legal and technical standards which implement Fair Information Practice Principles (FIPPs) and baseline privacy and security protocols

· Create incentives for businesses to not commoditize human identity

· Compensate for an individual’s unequal bargaining power when establishing privacy policies

· Subject Identity Providers to similar requirements to the Fair Credit Reporting Act

· Train individuals on how to properly safeguard their Identity Medium to avoid identity theft

· Ensure that consumers and advocates have a meaningful voice in the development of NSTIC policy

Identity Finder’s Chief Privacy Officer, Aaron Titus, warns, “We all have social security cards and it took decades to realize that we shouldn’t carry them around in our wallets. Now we will have a much more powerful identity credential that lets us carry it in our wallets, phones, laptops, tablets and other computing devices. Although NSTIC aspires to improve privacy, it stops short of recommending regulations to protect privacy. The stakes are high, and if implemented improperly, an unregulated Identity Ecosystem could have a devastating impact on individual privacy.”

If NSTIC fails to implement the necessary regulations, the resulting Identity Ecosystem could turn into a free-for-all Identity marketplace, and create the following risks:

· Powerful identity credentials which, if lost or stolen will enable hyper-identity theft

· A false sense of control, privacy, and security among Users

· New ways to covertly collect Users’ personal information

· New markets in which to commoditize human identity

· Few consumer protections against abuse or sharing personal information with third parties

· No default legal recourse against participants who abuse personal information without consent

A free copy of the whitepaper can be downloaded at: Identity finder NSTIC white paper

See the NIST video to get the context

What prevents a Telecom Operator from being a full fledged Identity Provider?

Hello all

I am seeking feedback/ looking to interview someone for an ongoing blog/ paper article
This is a new class of blogs where I will start to work with key industry issues and seek feedback / interviews from experts as they evolve. Here is the first of these blogs ..

If you want to give me your views anonymously, please email me on ajit.jaokar at
Any comments welcome and also any more QUESTIONS welcome! I think the framework itself needs to be defined

Why cannot the Telecom Operator be an Identity Provider? i.e. What prevents a Telecom Operator from being a full fledged Identity Provider

Here are some more top level questions and thoughts

1) What is an Identity provider? and for that matter what is Identity?

2) How do you decide who becomes an identity provider? (using basics of trust levels

In principle, Anyone can become an OpenID provider. That is why OIX exists. A service provider can use the OIX framework to determine the level of trust you can put in an IdP. So, why would an Operator not become an Identity provider?

3) What is lacking for Telcos to be full Identity providers(what are the limitations?)

4) Who governs regulations in Europe, UK and USA?

5) What is the role of the client for end to end Identity provision?

6) When it comes to Telco, what elements are relevant to be a true Identity provider? (end to end)

7) Relationship between Identity and authentication Is Identity the thing as authentication?

Authentication is the provision of a set of credentials issue an identity token. if so are there general requirements regardin the strength and of the authenication presumed when an identiity token is issued are there requirements about how it can be used.

What is an identity token – is it a virtual representation of yourself – which can then be provided to other services – and those services can use that token as a proxy of yourself – (meaning you do not need to be re-authenticated)

Are there standard implied “things” that can be inferred/implied by a token

Is a token unique over time. – and if not unique, for it to have any use between independent peer entities – then there must he a common convention understanding of what the qualities of the token are – or each token just sees a random number…..

8 ) Can telcos provide tools for others to be Identity providers? (to be a platform)

9 ) Standing on the shoulders of giants .. How can a stack be built from existing technology?
What is already existing and how can that be leveraged?

In the OpenID sense, identity is just a URL, which someone makes a claim about.

The role of an identity provider (IdP) is quite well defined. Looking at OpenID, anyone can be an IdP, but in order for resource providers to know the level of trust they can put in an IdP, the Open Identity Exchange (OIX) was created, which can certify IdPs claim to different trust levels. Thus OIX provide the trust framework, not only for OpenID IdPs, but for any identity provider.

10 ) PDS – Personal data stores – What roles do they have to play? I have covered Private planet and Mydex on this blog before

11) What are the gaps? – in the stack, the telco and the legal framework

12) Understand the evolution of internet privacy and federated social networks.

13) Software signing and authentication of web servers are well known and deployed technologies. If by certification mean an audit process of apps, similar to what Apple and Brew does, this is object level authentication and could tie to a person level authentication

14) Identity of an individual vs Identity of an object

15) OIX From the OIX FAQ:

What Open Identity Trust Frameworks are OIX now servicing?

The US General Services Administration (GSA) and the Identity, Credential, and Access Management Committee (ICAM) has approved OIX as the first trust framework provider to the US government. This permits OIX to issue certifications for the US ICAM LOA 1 trust framework to identity providers who are assessed to meet its identity, security, and privacy requirements. The National Institute of Health (NIH) is the first US federal agency to move into production status to accept OpenID and Information Card credential issued by OIX-certified identity providers.

Are there any identity providers certified for US ICAM? what is the telco role in this space?

16) Are other governments adopting the trust framework model?

17) What about Minimum disclosure as an Identity Solution

So, any comments welcome and also any more QUESTIONS welcome!

Happy to reference you if you want
kind rgds

Image source:

The fallacy of the Better mousetrap: Privacy advocates want to have their cake and eat it too

The fallacy of the better moustrap.jpg

I saw a curiously mis-titled article from Julie Meyer called ‘Why the IT sector is vital for small firms’

The article is actually about privacy, digital footprint etc and it says:

If they (Google) don’t cut the individual into receiving a piece of the value of their personal information, as it is used in search and purchase transactions, someone will, and that new party will rise to dominance.

Recently, there have been many such discussions mainly targeting Google, Facebook and other players ..

I have a differing view on this .. Let me explain ..

Suppose you are walking down the street. A stranger takes a picture (not YOUR picture – but a picture of the surroundings). While you are not the focus of the picture, you are ‘in it’ because you were walking.

Now, she enters the picture in a competition. She wins a 1000$.


But, would you ask for your share?

Note that the picture is not about you, you just happen to be in it.

In the words of the privacy advocates, your ‘personal data’ in this case, image, has been used by someone else for (shock, horror!) commercial gain!

They proclaim: ‘Give us our share! You did not ask our permission. WE own the data. And YOU profit from it’!

This is of course silly .. But exactly the same case is being made here

There is also another aspect to this.

People WANT to contribute to the web because they want to be found. Maybe someone sees your picture in the photo and if you are attractive enough, makes you a modeling offer!

In other words, people who contribute content are discoverable and there are benefits to the person (often commercial) to being discovered.

But what if you DON’T want to be found?

Do what Rupert Murdoch does .. Password protect your content

If it works for Rupert, it will work for others?

But will it work for Rupert(let alone for you!) (PS: Note that According to his biographer Michael Wolff, Murdoch has not used the internet, let alone Google (he only recently discovered email)

I think not ..

Here is why ..

There is a saying from Ralph Waldo Emerson that: If you build a better mousetrap, the world will beat a path to your door ..

But do you really believe that in the Internet world, others will beat a path to your door?

Much as I like the work of the Sage of Concord/Ralph Waldo Emerson , this wisdom does not apply to the Internet age ..

Many people who may try to assign a value to their personal information may subscribe to this fallacious view i.e. somehow that their content is valuable and that if only it were ‘gated’ we could monetize that value (directly or indirectly)

In my view, the options are password protect (which is a valid choice) OR treat it like a random photographer in a tourist destination. Hope that someone sees you in that picture and makes you a modeling offer :)

But you can’t have it both ways! i.e. publish your content/data and then ask for a share of profits!

Image source: