[Dave Birch] Sometimes, management consultants can perform an extremely useful function by finding a way to communicate some complicated aspect of the intersection between business and technology in a soundbite. I don't mean this in any disparaging way at all. There is obviously, so far as the technology guys are concerned, a danger in using a glib phrase to substitute for more nuanced concepts. But the fact is that the technology guys, and I count myself as one of them, don't always communicate effectively with business, policy and regulatory people in the most productive way. For this reason, I think that the good people at Booz & Company have made a very useful contribution to the discussion and debate around the emerging digital infrastructure for society as a whole by introducing the phrase "digital confidence" into the lexicon. Once you see the phrase it is obvious what it means, which I find to be the hallmark of a useful addition to business discourse. What they are saying, in essence, is that society needs to evolve confidence in the infrastructure in order to take the maximum advantage of that infrastructure whether in business, education, government, health or any other sector. They explain the phrase more fully in the Spring edition of their "strategy+business" magazine in an article called "Watching over the Web".
There are really two parts to the concept that I think it would be useful to use as the foundation for a worthwhile discussion during the Identity & Privacy Forum (IDP). The first is the concept, which I agree with, that technology alone cannot develop digital confidence in the population. The second, which I disagree with, is the Booz view that it should be broadband providers who are responsible for delivering digital confidence.
I can see their logic in suggesting that as a broadband providers have a billing relationship, and for that matter potentially other relationships, with customers in a fixed location it therefore makes sense to make that relationship the core of a set of digital confidence efforts that combine technology tools, legal and regulatory structures, consumer protection and education to essentially create a better infrastructure. I'm sure that their view accords nicely with the view of many other established stakeholders such as the music industry (which wants to track down and punish file sharers), interest groups who want to promote online safety, legitimate law enforcement interests (clearly, no one can argue that there are bad things that need to be stopped) and many others, including repressive regimes who want to track down and perhaps even prosecute critics and dissidents. One can imagine the attraction of an argument to government that says that people shouldn't be allowed to use the Internet at all unless they login, perhaps using some kind of smart identity card, on the grounds that terrorists, pornographers, criminals and unscrupulous persons are using the Internet to get up to no good.
The problem is that this approach delivers the wrong kind of infrastructure: an infrastructure that is perfectly safe for the "incumbents" but with no room for opposition, for creativity, for novelty, for experiment. I think it would be better to leave the network infrastructure alone and put a new layer of infrastructure on top of it, a digital identity infrastructure that allows for optional degrees of confidence in the connection between virtual and real identities.
While some form of, for want of a better name, "identity and privacy layer" over the top of existing network infrastructure may seem an additional complexity, I would argue that it delivers the combination function and flexibility that is needed. None of us know how the interconnected society is going to work in practice so we need to create a better balance. One way of doing this, of course, would be to encourage transparency and competition. If consumers were better informed and could choose between different degrees of privacy and service, thanks to some standardisation in the identity and privacy layer,
consumers should vote with their clicks—use the search engine that gives them the right balance of privacy and search quality. Instead, my fear is that search engines are going to engage in a contest to tacitly agree to fix the length of data retention to get the regulators off their backs. In the end, that will be bad for consumers.[From Privacy Pandering at The Catalyst Code]
This leads on to my main point: if privacy becomes part of the consumer proposition (so that companies are competing to provide digital confidence to end customer even though they are using shared services from the identity and privacy layer) then we are more likely to move forward than if digital confidence becomes a matter of legislation and ombudsmen. Competition is what will deliver confidence in the end.
You can have security without privacy, but you cannot have privacy without security.