tecznotes

Michal Migurski's notebook, listening post, and soapbox.

Apr 18, 2005 12:04am

simplicity and verification

Two articles crossed my feed reader today: Bruce Schneier on mitigating identity theft, and a one-sentence post from Thomas Vander Wal on simplicity and complexity:

We must understand and embrace the granular and complex to make things simple for the person.

Bruce says:

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial institutions. That means that any solution can't involve the account holders. ... Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone, or Internet, where no one verifies the signature or even that you have possession of the card. Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.

These two ideas feel related to me. Thomas generally sums up recent developments in web interface design, notably the "search, don't sort" approach of Google News and GMail, and the recent excitement about tagging and folksonomies. Granularity and complexity are being offloaded onto the site owner, where they belong. People who use a service are no longer expecting to engage in their own hierarchical sorting of information (because nobody actually wants to do that). Rather, they are using simpler methods for annotating their stuff in a way that makes it easier to find later.

The link to identity theft I have in mind is the locus of responsibility. Currently, victims are responsible for fixing the damage. I check my credit reports every few months to look for fraud, I shred my mail, and I know people who've had severe damage done because they let their social security numbers slip into the open. In Bruce's perfect world, the companies that let your data out would be responsible for the damage, in the form of distributed liability. They would deal with the granularity and complexity of verifying individual transactions, so that their clients can benefit from greater simplicity.

Also, I like Thomas' focus on "the person" rather than "the user". A shift in attitude may help companies such as ChoicePoint regain the trust of the public, if they begin to understand their business as helping people manage the flow of their personal information in the world.
