... from the desk of Roger Sullivan

Friday, September 22, 2006

Remembering

As I mentioned in an earlier post, I lived in Lower Manhattan while with Phaos Technology prior to Oracle acquiring the company.

As the nation remembers the events of September 11, 2001, I will forever remember the view from my apartment window.


This was taken in the Spring of 2002 and is toward the Northeast across the roof of Trinity Church. In the center of the photo, you can just see the top of "The Cross" at the WTC site.

No matter how hard the day went at Phaos, this view each night gave me a centering moment to think about priorities.

Thursday, September 21, 2006

Well THAT was a pleasant surprise …

I’m in SFO, returning to Boston. I have adjusted to the new TSA guidelines for prohibited carry-on items and have been able to remove the contraband, yet still maintain a degree of creature comfort – AND carry on my roller-bag. Life is getting back to ‘normal.’

I was originally going to post on my tips & tricks for carry-on bags. Mine are much simpler than others with their toiletry stashes in multiple cities. But as I was passing through security, a tall, imposing, suited gentleman walked into the area like he owned the place, and checked the x-ray screen - of my bag. My first thought was, “This can’t be good!” Sure enough, my briefcase was ‘snagged’ for the dreaded “extra screening.” [NB: IMO, a briefcase screen is potentially much more disruptive and time-consuming than a suitcase screen. Because, being a creature of habit, everything has its place. When the contents are removed, it’s a real pain to get them back in all their little compartments!]

The next thing I knew, the gentleman (did I mention that he was BIG?) was looking at me across the belt, asking “Where are you flying to today?”

Now, I don’t know about you, but even when I’m not doing anything wrong, that kind of innocent question in a relatively stressful situation can be pretty unnerving. And, I had read recently that this kind of “behavioral analysis” questioning is going to be part of the security screening process. Well, I hadn’t had time to even find my innocent-as-a-lamb face that I usually reserve for Border Control Officers – let alone put it on.

After a brief exchange of pleasantries, the gentleman handed me his business card! Now, I’m thinking, “Wow, this is a really new kind of behavior analysis test.” After I quickly scanned the card, he introduced himself as Mr. Edward W. Gomez, Federal Security Director, San Francisco International Airport.

Now comes the surprising part:

Mr. Gomez: “Do you travel a lot?”
Me: “Yes.” (Remembering to keep answers brief in high-stress situations.)

THEN HE SAID: “How are we doing here [in SFO] compared to the other cities you travel through?"

Here was a Federal Department of Homeland Security, TSA area director asking for a performance evaluation!

I must say that I was a bit surprised … OK, “stunned” is the more appropriate word. After recovering (my jaw from the floor), I said that I thought that, in general, the screening process is getting much more consistent from airport to airport. I appreciate this very much because I don’t have to remember whether this is the airport with the no-shoes policy. You simply always take them off. And that’s just fine with me. (And, by the way, I know that this was probably a stupidly inane response. But I was still recovering from my surprise. Mr. Gomez’s email address was on the card, and I intend to use it for a more thoughtful reply.)

We talked a bit more about the extra burden caused by the new “no liquids” policy and how that will continue to affect travel. I thanked him for his interest and the job that the TSA is doing and went to find my briefcase. (Remember, it had been ‘snagged.’)

When I got to the screening counter, the lady with my bag informed me with awe in her voice, “He’s the Big Guy!" I had already observed the "big" part, but that's not what she meant. She continued, "He’s responsible for this whole area.” She went on to say that there are many management layers between the line screeners and him but, “ … he comes down here all the time asking questions – just like that.”

As I left the screening area, I caught his eye once more and thanked him for his interest.

Well, let me say it a bit more publicly, Mr. Edward W. Gomez, you are to be commended!

We hear lots of negatives these days about Homeland Security and the TSA. But here is a senior dedicated public servant asking questions (many times) and being genuinely interested in improving his customers’ experience. He is setting a terrific leadership example for all those under his management.

On behalf of those traveling for business or pleasure through San Francisco, thanks very much, Edward Gomez!

Wednesday, September 06, 2006

Perspective

The following appeared in the New York Times today.


September 6, 2006
To Stay Alive, Iraqis Change Their Names
By EDWARD WONG


In part, the article goes on to say:


"The country’s Sunni-Shiite bloodletting is driving many Iraqis to bury the very essence of their identity: their names.


"To have to hide one’s name is considered deeply shameful. But with sectarian violence surging, Iraqis fear that the name on an identification card, passport or other document could become an instant death sentence if seen by the wrong people.
"That is because some first names and tribal names indicate whether a person is Sunni or Shiite."



Here in "IdentityLand" we discuss the nuances of whether users need to disclose personal information for a variety of transactions. Whether it's convenient or inconvenient, necessary or not, excessive or insufficient. These are legitimate topics that, ultimately, will mean the difference in how good systems are built and deployed for financial gains in their particular markets.

The Times article brings a whole new and sobering perspective to personal identity management and the relationship to one's "well being."

Comments on comments

Roland Sassen left a comment on my "...miles to go..." posting. Then Dave replied to my reply. I started a brief response, but got carried away ...

Yes, the technology exists (however exotic à la "Heartbeat-ID") to solve the personal identity portability problem. To a degree, that was exactly my point.

The issue remains that these technologies need to be deployed by reputable companies that I trust and that trust me - or the digital source of "me." This requires trust relationships between me, the Identity Provider(s) and the Service Provider(s). And the degree of trust is directly related to the "worth" of the transaction. Today, we're very much in a Jerry Maguire world. "Show me the money!" … and I’ll consider employing you as my [identity] “agent.”

There's a difference between needs of convenience, finance and well-being. The latter two are very important to my family and me and I'm willing to trade off (some) privacy concerns for personal gains that are financial or well-being (e.g. health, government services, etc.).

On the other hand, I will strictly control my privacy disclosure for relationships that are merely conveniences to me on the assumptions that: 1.) It’s none of their business; 2.) They don’t have a legitimate need to know; 3.) I don’t know what actual safeguards are in place to protect the data; and, 4.) I don’t know what they really intend to do with the information once it crosses the ether into the Service Provider bit buckets.

Years ago, the bank set all the rules for the one-to-one relationship. "Here are our conditions under which you may open a checking account, Roger." Today, information is shared with government agencies to try to prevent me from doing bad things with the money and/or discover if I am. Additionally, the regulators impose rules on my banking relationship that are beyond the control of the bank or me. It's the nature of the modern world. If I want the convenience of a checking account, I need to accept these rules. They were in full play when I opened a new bank account during my recent move.

These relationships are expanding and becoming one-to-many or even many-to-many involving businesses and consumers.

It is in this area where deployments are wrestling with the 'boundaries' between their needs, the needs of the consumer and the needs of their trading partners. These are not technical boundaries or limitations. They are all about contractual relationships – written or implied. It is difficult enough to establish these relationships where two parties are concerned. Add a third party (or four or five parties), and the complexity goes up exponentially.

The fact of the matter is that there are relatively few of these large-scale commercial deployments in place today where the interconnectedness could be leveraged as I wished to do. As these grow and we all become more experienced, that experience will trickle down to the “convenience” applications. The examples that I was trying to give were in the “finance” and “well being” categories – not convenience. Very few of these companies have the experience or willingness to extend their B2B or B2B2C mission-critical applications into an unknown world where users control virtually all elements of their identity information.

Market places require sellers and buyers. They don’t exist without both. Right now, I think that there are buyers who understand the need and would appreciate a solution. However, there are few sellers willing to participate in that market place under those terms – at least for the moment.

Cash still works, but it’s an inconvenient way to pay the bills.

Kudos & Quibbles

I received a nice nod from Dave Kearns in his newsletter. Thanks, Dave.

However, not to quibble (too much) there’s a nuance to the piece that I’d like to (gently) reposition.

Dave closes by chiding vendors – including my employer Oracle – saying that vendors need to provide identity applications that are useful to us in our daily lives. I thought that the timing of the statement was ironic, coming on the very day that the Liberty Alliance announced another set of qualified vendors having passed the Liberty Interoperable testing program – including my employer Oracle. The total of qualified products from a variety of vendors is now around 75.

Now to my quibble. The closing paragraph in my original posting included the following statement: “We do need enterprise Service Providers to begin to deploy these Identity Provider services more rapidly.” I mean that the financial institutions, government agencies, etc. should be doing the deploying of the 75 solutions that the vendors have created.

So, the technology exists to solve this business problem. The question remains: Who will take my money to manage this for me securely?

PS: One more quibble … I only this year became Vice President of the Liberty Alliance, having succeeded my good friend and industry colleague Timo Skytta of Nokia. He did a fantastic job for the Alliance and has been a tough act to follow.

PPS: Timo, I’m still waiting for the “other” job description…