tecznotes
Michal Migurski's notebook, listening post, and soapbox. Subscribe to 
this blog.
Check out the rest of my site as well.
Apr 17, 2005 9:04pm
simplicity and verification
Two articles crossed my feed reader today: Bruce Schneier on mitigating identity theft, and a one-sentence post from Thomas Vander Wal on simplicity and complexity:
We must understand and embrace the granular and complex to make things simple for the person.
Bruce says:
Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial intuitions. That means that any solution can't involve the account holders. ... Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.
These two ideas feel related to me. Thomas generally sums up recent developments in web interface design, notably the "search, don't sort" approach of Google News GMail, and the recent excitement about tagging and folksonomies. Granularity and complexity are being offloaded onto the site owner, where they belong. People who use a service are no longer expecting to engage in their own hierachical sorting of information (because nobody actually wants to do that). Rather, they are using simpler methods for annotating their stuff in a way that makes it easier to find later.
The link to identity theft I have in mind is the locus of responsibility. Currently, victims are responsible for fixing the damage. I check my credit reports every few months to look for fraud, I shred my mail, and I know people who've had severe damage done because they let their social security numbers slip into the open. In Bruce's perfect world, the companies that let your data out would be responsible for the damage, in the form of distributed liability. They would deal with the granularity and complexity of verifying individual transactions, so that their clients can benefit from greater simplicity.
Also, I like Thomas' focus on "the person" rather than "the user". A shift in attitude may help companies such as ChoicePoint regain the trust of the public, if they begin to understand their business as helping people manage the flow of their personal information in the world.
subscribe to this site.
|
contact Michal Migurski