From: Roy Roebuck <roebuckr@erols.com>

To: 504.SMTP("senator@feinstein.senate.gov")

Date: 6/10/97 09:53

Subject: Internet Privacy: Balancing Control and Productivity

Hi Senator Feinstein:

I've just read the online article by Valerie Rice, and I applaud your search for a solution to privacy on the Internet. I believe in voluntary controls as in newspapers and other publications, based on ethics and judgement, and less on regulation. Unfortunately, the persons and organizations publishing and editing on the Internet today are not always schooled in ethics or have the experience or cultural context to exhibit good social decision making. This seems to force us to look to regulation for a solution. I'd suggest however that where the ubiquity of Internet publishing and dissemination technology is part of the privacy problem, other Internet technology can provide the mechanism of a solution.

I suggest you consider examining and then advocating the use of combined Digital Signature and Network Directory technology to enhance and expand on the capability and capacity of the newly touted Open Profile Standard (OPS), making it an Open "Privacy" Standard. Let the person's recorded "Profile" control who can see inside their "privacy domain", as well as identify what they're interested in seeing in the world at large.

Security-enabled profiling can serve multiple purposes: it identifies the "context" of the person, thus identifying what they want to see (their interests), and what they don't want to show (their privacy), while proving who they are.

A Digital Signature is an encryption artifact issued by a Certificate Authority to a person, computer process (like a news-gathering robot), a role, or a group. The Certificate Authority who issues the Digital Signature/Certificate, is a "Trusted" party, who operates within what is called a Hierarchy of Trust, usually following organizational lines. An everyday analogy would be of a government agency (Certificate Authority) issuing a Driver's license (Digital Certificate), which correspondingly serves as an Identity Card (Digital Signature) across all states. The root of this Trust Hierarchy/Tree can be maintained by either private or public entities (or both). The result of this Tree of Trust is that Certificates can be decentralized to whatever degree is necessary - so long as the Certificate Authorities are able to tangibly validate each other's identity, are assured that each have good controls for identifying who they issue certificates to, and then to technically "Cross-certify" each other's certificates.

While the Trust Hierarchy identifies and controls who can issue certificates of identity, the Network Directory can identify what information or other resources are available for use, under what conditions and by whom, and display that information hierarchically. Essentially a directory is a hierarchical online catalog of objects managed by an enterprise or multiple enterprises. The best analogy to an online directory is the concept of folders, subfolders, filenames, and file contents presented by a program such as Microsoft Windows Explorer or File Manager or another "resource browser", or alternately, and more accurately, the hierarchical email address books found in many newer email programs. The Directory shows known resources/objects, organized by classes/folders, subclasses/subfolders, instances/filenames, and attributes/file-contents.

By themselves, the network Certificate and Directory don't do much in the way of protecting privacy while identifying interests, but when combined with advanced profiling technology, we can approach balanced access within a network. The profile essentially says: here's who I am (the certificate), here's what I'm interested in (picked from the managed Directory of subjects), here's my background/privacy information (both picked from the Directory and entered directly), and here's who can see the different pieces of my profile (picking other people's/process' certificates from the Directory). Additionally, within an organization, a person's supervisory authority can generate interest/involvement/authority profiles for the "positions" within his area of responsibility, and then match a person's digital certificate with the position's profile, allowing access control to corporate resources. Note that this developed profile can now be used to increase or constrain the access of the person, position, or process to the Directory information and its links to resources/content (profile=requirement, profile+certificate=permission, profile+certificate+directory=secure access to resources and accountability). This is an obvious simplification, so I hope it conveys the capability of the combined certificate/directory/profile approach. It would enable new levels of capability in managing what information we're presented with (our interests), and in what information we show (our privacy).

The terms of the technologies described above are X.500 Directories (with extended Directory Information Tree - DIT and supplemental databases to encompass more real-world objects), and X.509 Digital Certificates.

If I can provide further assistance or clarification, do not hesitate to have your staff contact me.

Roy Roebuck

One World Information System

703-598-2351 roebuckr@erols.com

CC: Roy Edgar Roebuck <roy.e.roebuck@cpmx.saic.com>
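
An added illustration, not part of the original letter: a small Python model of the "profile + certificate + directory" access decision it describes, with a default-deny rule and an audit trail for accountability. All names (`Cert`, `Profile`, `read_attribute`, the sample subjects and directory path) are hypothetical, and issuer links stand in for the cryptographic signature checks a real X.509 path validation would perform.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # who the certificate identifies
    issuer: str   # Certificate Authority that issued it

# Constructed sample hierarchy of trust: root CA -> agency CA -> end entities.
CERTS = {c.subject: c for c in [
    Cert("root-ca", "root-ca"), Cert("agency-ca", "root-ca"),
    Cert("alice", "agency-ca"), Cert("news-robot", "agency-ca"),
    Cert("mallory", "unknown-ca"),  # issued outside the trust tree
]}
TRUSTED_ROOTS = {"root-ca"}

def chains_to_root(subject, max_depth=8):
    """Follow issuer links until a trusted, self-issued root is reached."""
    for _ in range(max_depth):
        cert = CERTS.get(subject)
        if cert is None:
            return False          # unknown issuer: chain is broken
        if cert.subject == cert.issuer:
            return cert.subject in TRUSTED_ROOTS
        subject = cert.issuer
    return False                  # chain too long or cyclic

@dataclass
class Profile:
    attributes: dict  # attribute name -> value
    viewers: dict     # attribute name -> subjects allowed to read ("*" = any certified)

# Directory: hierarchical path -> profile entry (constructed sample data).
DIRECTORY = {
    "people/alice": Profile(
        attributes={"interests": "gardening", "home_address": "12 Constructed Lane"},
        viewers={"interests": {"*"}, "home_address": {"alice"}},
    ),
}
AUDIT = []  # accountability: every decision is recorded, allowed or not

def read_attribute(requester, path, attr):
    """Return the attribute only if the requester is certified and listed."""
    entry = DIRECTORY.get(path)
    allowed = False
    if entry is not None and attr in entry.attributes and chains_to_root(requester):
        acl = entry.viewers.get(attr, set())  # no viewer list means deny
        allowed = "*" in acl or requester in acl
    AUDIT.append((requester, path, attr, allowed))
    return entry.attributes[attr] if allowed else None
```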