tecznotes

Michal Migurski's notebook, listening post, and soapbox. Subscribe to this blog. Check out the rest of my site as well.

Apr 18, 2005 4:04am

simplicity and verification

Two articles crossed my feed reader today: Bruce Schneier on mitigating identity theft, and a one-sentence post from Thomas Vander Wal on simplicity and complexity:

We must understand and embrace the granular and complex to make things simple for the person.

Bruce says:

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial intuitions. That means that any solution can't involve the account holders. ... Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.

These two ideas feel related to me. Thomas generally sums up recent developments in web interface design, notably the "search, don't sort" approach of Google News GMail, and the recent excitement about tagging and folksonomies. Granularity and complexity are being offloaded onto the site owner, where they belong. People who use a service are no longer expecting to engage in their own hierachical sorting of information (because nobody actually wants to do that). Rather, they are using simpler methods for annotating their stuff in a way that makes it easier to find later.

The link to identity theft I have in mind is the locus of responsibility. Currently, victims are responsible for fixing the damage. I check my credit reports every few months to look for fraud, I shred my mail, and I know people who've had severe damage done because they let their social security numbers slip into the open. In Bruce's perfect world, the companies that let your data out would be responsible for the damage, in the form of distributed liability. They would deal with the granularity and complexity of verifying individual transactions, so that their clients can benefit from greater simplicity.

Also, I like Thomas' focus on "the person" rather than "the user". A shift in attitude may help companies such as ChoicePoint regain the trust of the public, if they begin to understand their business as helping people manage the flow of their personal information in the world.

Comments

Sorry, no new comments on old posts.

December 2024
Su M Tu W Th F Sa
    

Recent Entries

  1. Mapping Remote Roads with OpenStreetMap, RapiD, and QGIS
  2. How It’s Made: A PlanScore Predictive Model for Partisan Elections
  3. Micromobility Data Policies: A Survey of City Needs
  4. Open Precinct Data
  5. Scoring Pennsylvania
  6. Coming To A Street Near You: Help Remix Create a New Tool for Street Designers
  7. planscore: a project to score gerrymandered district plans
  8. blog all dog-eared pages: human transit
  9. the levity of serverlessness
  10. three open data projects: openstreetmap, openaddresses, and who’s on first
  11. building up redistricting data for North Carolina
  12. district plans by the hundredweight
  13. baby steps towards measuring the efficiency gap
  14. things I’ve recently learned about legislative redistricting
  15. oh no
  16. landsat satellite imagery is easy to use
  17. openstreetmap: robots, crisis, and craft mappers
  18. quoted in the news
  19. dockering address data
  20. blog all dog-eared pages: the best and the brightest

Archives